Windows
Analysis Report
CY SEC AUDIT PLAN 2025.docx.doc
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
- WINWORD.EXE (PID: 7628 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: A9F0EC89897AC6C878D217DFB64CA752)
- FLTLDR.EXE (PID: 7852 cmdline: "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 036423B15211CC7D2E83A271709049F6)
- FLTLDR.EXE (PID: 8184 cmdline: "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 036423B15211CC7D2E83A271709049F6)
- FLTLDR.EXE (PID: 4456 cmdline: "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 036423B15211CC7D2E83A271709049F6)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents | ditekSHen | |
System Summary |
---|
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:25.385343+0100 | 2055129 | 1 | A Network Trojan was detected | 151.236.12.150 | 443 | 192.168.2.24 | 49746 | TCP |
2025-01-10T10:30:29.309410+0100 | 2055129 | 1 | A Network Trojan was detected | 151.236.12.150 | 443 | 192.168.2.24 | 49752 | TCP |
2025-01-10T10:30:35.065073+0100 | 2055129 | 1 | A Network Trojan was detected | 151.236.12.150 | 443 | 192.168.2.24 | 49763 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:25.384196+0100 | 2033858 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49746 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:29.308344+0100 | 2033858 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49752 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:35.064526+0100 | 2033858 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49763 | 151.236.12.150 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:24.195859+0100 | 2055080 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49745 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:28.193838+0100 | 2055080 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49751 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:33.933417+0100 | 2055080 | 1 | Malware Command and Control Activity Detected | 192.168.2.24 | 49759 | 151.236.12.150 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:25.384196+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 49746 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:29.308344+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 49752 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:35.064526+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 49763 | 151.236.12.150 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:31.732689+0100 | 1810005 | 1 | Potentially Bad Traffic | 192.168.2.24 | 49755 | 151.236.12.150 | 443 | TCP |
Source: | HTTPS traffic detected: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
System Summary |
---|
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Word Document stream: | ||
Source: | WMI Queries: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: |
Source: | Static file information: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Section loaded: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 3 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
5% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
paknavy.modpak.live | 151.236.12.150 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
151.236.12.150 | paknavy.modpak.live | European Union | 57169 | EDIS-AS-EUAT | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1587391 |
Start date and time: | 2025-01-10 10:29:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | CY SEC AUDIT PLAN 2025.docx.doc |
Detection: | MAL |
Classification: | mal64.evad.winDOC@8/7@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.89.119, 52.113.194.132, 52.109.89.19, 20.189.173.28, 95.100.110.68, 95.100.110.78, 2.23.240.50, 95.100.110.74, 95.100.110.77, 52.111.236.34, 52.111.236.35, 52.111.236.33, 52.111.236.32, 20.190.159.75, 52.149.20.212
- Excluded domains from analysis (whitelisted): e1324.dscd.akamaiedge.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, templatesmetadata.office.net.edgekey.net, weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, onedscolprdwus18.westus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, templatesmetadata.office.net, c.pki.goog, res-1-tls.cdn.office.net, ecs.office.com, e40491.dscg.akamaiedge.net, client.wns.windows.com, prod.configsvc1.live.com.akadns.net, uci.cdn.office.net, ctldl.windowsupdate.com, weu-azsc-000.odc.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, x1.c.lencr.org, e26769.d
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
EDIS-AS-EUAT | Get hash | malicious | FormBook, PureLog Stealer | Browse |
| |
Get hash | malicious | BumbleBee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | ORPCBackdoor | Browse |
| ||
Get hash | malicious | ORPCBackdoor | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
258a5a1e95b8a911872bae9081526644 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 50 |
Entropy (8bit): | 4.46146788019945 |
Encrypted: | false |
SSDEEP: | 3:wcek9LRAlxkAMvtEKb:wJcexJC |
MD5: | A471D39C02EE8428702B468C843C62E3 |
SHA1: | 91E6F53C4DCE4D7822F120DA20A75113E5A7DCED |
SHA-256: | 0C9A8CE9516EDB686FAF2BEE4BD9DC3285207031FE5F2F742ACCF4A525518D8E |
SHA-512: | 806DD530CE299B765554BB6AE827506D63B9D8A24294DF4E827CA8B808894C2B8845009239F80282F522177DE483D95099E74EF797E6F3B15A2B54F92DFFC03B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1972021 |
Entropy (8bit): | 7.997709625401924 |
Encrypted: | true |
SSDEEP: | 49152:J6rtadz2C+4yzr0Yd06K/73dIyP1ccVxb+6gFGbnF+JwN0:J6rtasCby3Td0F/znP1ccVxS64hw2 |
MD5: | 901ABC1F307449EFC6BF2A6CDDF72453 |
SHA1: | 284074051D885C914CEF0FB69CFEE71C6AC68150 |
SHA-256: | D708DCBF527F7F78394A77AB8C53A88C0B1A1A2E97C65BDAE9191F21C41D9155 |
SHA-512: | 7DEA8CCBA547C331C6A9000D48F3FBE2F2247C04017CEA2687547DC0B624C86F65C6110E0514CB9F3E0A7574E36A44B8DC575F89E0A55546B501DB8E4094E764 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.97061493873519 |
Encrypted: | false |
SSDEEP: | 3:blRmMdNcYcYAXNlim/D6n/JAbJx0:bzmMdNrcYQe/ec |
MD5: | 893420D5F1B5EC4C73F722822FB77193 |
SHA1: | ACC8EF696994DAF70513D8D03C2A2CF93F5A419D |
SHA-256: | B7DB424C31CEE051925BEFBD6B8260D9F58561077516BC6AEE7C3171EF5A9D22 |
SHA-512: | 63D83EE9900ADC2D8DDF99D3B8CA2E4EC4F59DEE5C595E90BF4507B8F909EEA77D437973D753D8D21DB55E65273F85B8EA1E70123CF95B7AB22E932EDCAC29E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1972021 |
Entropy (8bit): | 7.997709625401924 |
Encrypted: | true |
SSDEEP: | 49152:J6rtadz2C+4yzr0Yd06K/73dIyP1ccVxb+6gFGbnF+JwN0:J6rtasCby3Td0F/znP1ccVxS64hw2 |
MD5: | 901ABC1F307449EFC6BF2A6CDDF72453 |
SHA1: | 284074051D885C914CEF0FB69CFEE71C6AC68150 |
SHA-256: | D708DCBF527F7F78394A77AB8C53A88C0B1A1A2E97C65BDAE9191F21C41D9155 |
SHA-512: | 7DEA8CCBA547C331C6A9000D48F3FBE2F2247C04017CEA2687547DC0B624C86F65C6110E0514CB9F3E0A7574E36A44B8DC575F89E0A55546B501DB8E4094E764 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.999360600967597 |
TrID: |
|
File name: | CY SEC AUDIT PLAN 2025.docx.doc |
File size: | 1'960'592 bytes |
MD5: | 0ffd99b46024863228e14efea8265ff2 |
SHA1: | 274b3cdab333bce3309d7444b2cb82fd7c0b1926 |
SHA256: | 896ddb35cde29b51ec5cf0da0197605d5fd754c1f9f45e97d40cd287fb5a2d25 |
SHA512: | 819bace97bb8ce37ba1363c41de64cf8ef0a540fb6030e9e4e8ae33d37c4faef1aa259fd4f249db4fde88131f3182d676571a75439ef01ff93da987a3025268d |
SSDEEP: | 49152:esrY5SuN+iq8yNk7xwyLriiPilI19jCcFcTnSMhqNRZ:9rDiByiwy1cI19jCE2qPZ |
TLSH: | 7A9533F1890BEF739B5B553810E75758DE3A086B3C0536AA2F7039F25B1499E4B3229C |
File Content Preview: | PK.........`)Z........N......._rels/.rels...j.0.@......Q....N/c......[IL...j...<...].aG.....zs.Fu..]...U......^.[..x.....1x.p.....f..#I)...Y.............*D....i")..c$...qU...~3..1..jH[{..=E......~.f?..3-.....].T...2.j).,.l0/%..b.......z......,..../.|f\.Z. |
Icon Hash: | 35e1cc889a8a8599 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-10T10:30:24.195859+0100 | 2055080 | ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf | 1 | 192.168.2.24 | 49745 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:25.384196+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 49746 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:25.384196+0100 | 2033858 | ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf | 1 | 192.168.2.24 | 49746 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:25.385343+0100 | 2055129 | ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound | 1 | 151.236.12.150 | 443 | 192.168.2.24 | 49746 | TCP |
2025-01-10T10:30:28.193838+0100 | 2055080 | ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf | 1 | 192.168.2.24 | 49751 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:29.308344+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 49752 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:29.308344+0100 | 2033858 | ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf | 1 | 192.168.2.24 | 49752 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:29.309410+0100 | 2055129 | ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound | 1 | 151.236.12.150 | 443 | 192.168.2.24 | 49752 | TCP |
2025-01-10T10:30:31.732689+0100 | 1810005 | Joe Security ANOMALY Microsoft Office WebDAV Discovery | 1 | 192.168.2.24 | 49755 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:33.933417+0100 | 2055080 | ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf | 1 | 192.168.2.24 | 49759 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:35.064526+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 49763 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:35.064526+0100 | 2033858 | ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf | 1 | 192.168.2.24 | 49763 | 151.236.12.150 | 443 | TCP |
2025-01-10T10:30:35.065073+0100 | 2055129 | ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound | 1 | 151.236.12.150 | 443 | 192.168.2.24 | 49763 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 10:30:31.732959032 CET | 443 | 49755 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.733014107 CET | 443 | 49755 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.734204054 CET | 49755 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.734205008 CET | 49755 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.734205008 CET | 49755 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.734235048 CET | 443 | 49755 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.735975981 CET | 49755 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.738380909 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.738461971 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.738718033 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.738944054 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.738979101 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.741358042 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.741381884 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:31.741720915 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.741720915 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:31.741753101 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.424144983 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.424928904 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.424953938 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.425673008 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.425678015 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.500622988 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.501246929 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.501279116 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.501768112 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.501780033 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.839910984 CET | 443 | 49758 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.840467930 CET | 49758 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.843704939 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.843748093 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.843811989 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.843986988 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.844000101 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.911952019 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.912044048 CET | 443 | 49757 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.912091017 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.912203074 CET | 49757 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.913419962 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.913455009 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:32.913513899 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.913697004 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:32.913710117 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.513047934 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.514516115 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.514516115 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.514537096 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.514549017 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.581307888 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.582495928 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.582496881 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.582557917 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.582601070 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.933459997 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.933554888 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.934030056 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.934091091 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.934091091 CET | 49759 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.934113026 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.934123993 CET | 443 | 49759 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.939358950 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.939419031 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.939799070 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.941973925 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.941994905 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.991823912 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.992018938 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.992018938 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.992063046 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.992271900 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.992316961 CET | 443 | 49761 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.996896029 CET | 49761 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.997796059 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.997859001 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:33.997925997 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.998326063 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:33.998339891 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.632709980 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.632796049 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.634708881 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.634721041 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.635955095 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.636012077 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.637113094 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.637296915 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.637342930 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.637398958 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.682418108 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.682486057 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.684576988 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.684597969 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.685266972 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:34.685930967 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:34.727338076 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.064626932 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.064801931 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.065383911 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.066206932 CET | 49763 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.066251040 CET | 443 | 49763 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.100295067 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.100482941 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.101807117 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.106117010 CET | 49764 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.106151104 CET | 443 | 49764 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.235655069 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.235713005 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.236201048 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.237567902 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.237595081 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.921225071 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.921382904 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.922854900 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.922882080 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.924154997 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.924455881 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.925390005 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.925390005 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:35.925595999 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:35.925719976 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:36.339179993 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:36.339257002 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:36.339339018 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:36.339387894 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:36.339412928 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:36.339416027 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:36.339442968 CET | 443 | 49767 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:36.339462042 CET | 49767 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.122420073 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.122468948 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.122558117 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.123431921 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.123449087 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.800837040 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.800901890 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.802577972 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.802592039 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.803837061 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.803880930 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.804969072 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.805052996 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:38.805167913 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:38.805211067 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:39.230469942 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:39.230650902 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:39.230772972 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:39.232016087 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:39.232016087 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Jan 10, 2025 10:30:39.232031107 CET | 443 | 49769 | 151.236.12.150 | 192.168.2.24 |
Jan 10, 2025 10:30:39.232083082 CET | 49769 | 443 | 192.168.2.24 | 151.236.12.150 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 10, 2025 10:30:21.655164003 CET | 62431 | 53 | 192.168.2.24 | 1.1.1.1 |
Jan 10, 2025 10:30:21.666141033 CET | 53 | 62431 | 1.1.1.1 | 192.168.2.24 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 10, 2025 10:30:21.655164003 CET | 192.168.2.24 | 1.1.1.1 | 0x7969 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 10, 2025 10:30:21.666141033 CET | 1.1.1.1 | 192.168.2.24 | 0x7969 | No error (0) | 151.236.12.150 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.24 | 49744 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:22 UTC | 347 | OUT | |
2025-01-10 09:30:22 UTC | 232 | IN | |
2025-01-10 09:30:22 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.24 | 49745 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:23 UTC | 337 | OUT | |
2025-01-10 09:30:24 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.24 | 49746 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:24 UTC | 217 | OUT | |
2025-01-10 09:30:25 UTC | 205 | IN | |
2025-01-10 09:30:25 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.24 | 49748 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:26 UTC | 240 | OUT | |
2025-01-10 09:30:26 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.24 | 49749 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:26 UTC | 347 | OUT | |
2025-01-10 09:30:27 UTC | 232 | IN | |
2025-01-10 09:30:27 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.24 | 49751 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:27 UTC | 337 | OUT | |
2025-01-10 09:30:28 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.24 | 49752 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:28 UTC | 217 | OUT | |
2025-01-10 09:30:29 UTC | 205 | IN | |
2025-01-10 09:30:29 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.24 | 49753 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:30 UTC | 240 | OUT | |
2025-01-10 09:30:30 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.24 | 49754 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:30 UTC | 347 | OUT | |
2025-01-10 09:30:30 UTC | 232 | IN | |
2025-01-10 09:30:30 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.24 | 49755 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:31 UTC | 250 | OUT | |
2025-01-10 09:30:31 UTC | 232 | IN | |
2025-01-10 09:30:31 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.24 | 49758 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:32 UTC | 347 | OUT | |
2025-01-10 09:30:32 UTC | 232 | IN | |
2025-01-10 09:30:32 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.24 | 49757 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:32 UTC | 399 | OUT | |
2025-01-10 09:30:32 UTC | 232 | IN | |
2025-01-10 09:30:32 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.24 | 49759 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:33 UTC | 337 | OUT | |
2025-01-10 09:30:33 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.24 | 49761 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:33 UTC | 125 | OUT | |
2025-01-10 09:30:33 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.24 | 49763 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:34 UTC | 217 | OUT | |
2025-01-10 09:30:35 UTC | 205 | IN | |
2025-01-10 09:30:35 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.24 | 49764 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:34 UTC | 342 | OUT | |
2025-01-10 09:30:35 UTC | 232 | IN | |
2025-01-10 09:30:35 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.24 | 49767 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:35 UTC | 240 | OUT | |
2025-01-10 09:30:36 UTC | 232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.24 | 49769 | 151.236.12.150 | 443 | 7628 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-01-10 09:30:38 UTC | 240 | OUT | |
2025-01-10 09:30:39 UTC | 232 | IN |
Target ID: | 1 |
Start time: | 04:30:11 |
Start date: | 10/01/2025 |
Path: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff600c80000 |
File size: | 1'637'952 bytes |
MD5 hash: | A9F0EC89897AC6C878D217DFB64CA752 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 3 |
Start time: | 04:30:16 |
Start date: | 10/01/2025 |
Path: | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79baf0000 |
File size: | 485'544 bytes |
MD5 hash: | 036423B15211CC7D2E83A271709049F6 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 04:30:25 |
Start date: | 10/01/2025 |
Path: | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79baf0000 |
File size: | 485'544 bytes |
MD5 hash: | 036423B15211CC7D2E83A271709049F6 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 11 |
Start time: | 04:30:34 |
Start date: | 10/01/2025 |
Path: | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\FLTLDR.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79baf0000 |
File size: | 485'544 bytes |
MD5 hash: | 036423B15211CC7D2E83A271709049F6 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |