Windows
Analysis Report
IMP 7527518303 2507294.docx.doc
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
WINWORD.EXE (PID: 7312 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: A9F0EC89897AC6C878D217DFB64CA752)
- cleanup
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T12:00:42.919911+0200 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 60838 | 172.67.144.140 | 443 | TCP |
2025-04-02T12:00:43.414685+0200 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.24 | 60840 | 216.9.224.185 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T12:00:40.599604+0200 | 1810005 | 1 | Potentially Bad Traffic | 192.168.2.24 | 60833 | 172.67.144.140 | 443 | TCP |
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Word Document stream: | ||
Source: | OLE indicator, Word Document stream: |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 3 Exploitation for Client Execution | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
14% | Virustotal | Browse | ||
17% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a726.dscd.akamai.net | 23.219.161.152 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
kuhlinks.de | 172.67.144.140 | true | false | high | |
185.224.9.216.in-addr.arpa | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.144.140 | kuhlinks.de | United States | 13335 | CLOUDFLARENETUS | false | |
216.9.224.185 | unknown | Reserved | 7018 | ATT-INTERNET4US | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654507 |
Start date and time: | 2025-04-02 11:59:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | IMP 7527518303 2507294.docx.doc |
Detection: | MAL |
Classification: | mal60.evad.winDOC@2/4@2/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.20.38, 52.109.4.7, 52.182.143.211, 52.109.8.36, 52.111.251.16, 52.111.251.18, 52.111.251.19, 52.111.251.17, 23.33.42.72, 23.33.42.76, 52.123.129.14, 40.126.24.146, 23.219.161.152, 20.109.210.53
- Excluded domains from analysis (whitelisted): us1.odcsm1.live.com.akadns.net, odc.officeapps.live.com, slscr.update.microsoft.com, scus-azsc-config.officeapps.live.com, templatesmetadata.office.net.edgekey.net, res-1.cdn.office.net, mobile.events.data.microsoft.com, prod-canc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, osiprod-eus2-bronze-azsc-000.eastus2.cloudapp.azure.com, templatesmetadata.office.net, c.pki.goog, ecs.office.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod-na.naturallanguageeditorservice.osi.office.net.akadns.net, prod.roaming1.live.com.akadns.net, res-stls-prod.edgesuite.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, eus2-azsc-000.odc.officeapps.live.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, n
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.144.140 | Get hash | malicious | Remcos, DBatLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a726.dscd.akamai.net | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
kuhlinks.de | Get hash | malicious | Remcos, DBatLoader | Browse |
s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Braodo | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
| | | Get hash | malicious | Amadey, LummaC Stealer | Browse | |
| | | Get hash | malicious | Amadey, LummaC Stealer | Browse | |
| | | Get hash | malicious | FormBook | Browse | |
| | | Get hash | malicious | Snake Keylogger | Browse | |
| | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | | Get hash | malicious | LummaC Stealer | Browse | |
ATT-INTERNET4US | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
258a5a1e95b8a911872bae9081526644 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 213027 |
Entropy (8bit): | 7.948399481754145 |
Encrypted: | false |
SSDEEP: | 6144:WBRGkODAZzMhFeWcgtl9h7AZIDRNX3WpYT5+vq/3+:WBRGtIYhcHgtlT7AZgzX3WpYd+Cf+ |
MD5: | B2CFE4E497E5425F37473132A266CAEE |
SHA1: | EB82E689BC8BA6A7F9E3EFC41E7285EB55FE2932 |
SHA-256: | 41EEE7653732F460B1B8EAF06CE15171993B4161B748690462B7B5F7C2D74E92 |
SHA-512: | 6D214462ED92A12C28B26C2D41B4439252089AAF7ECA4C855EF6795214EBA0BCA322FEA4E050414814D59C191948C07AED53E60236BB98740A6CE3DA664A973F |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.995306296759881 |
Encrypted: | false |
SSDEEP: | 3:blRmMF/PZH/bji/fl0/+KBJliE9DxV:bzmMW/6/+Slf9P |
MD5: | 9E120176582E3EA25644F0FB8DB76AB8 |
SHA1: | 1E8EF22465F0C2389DA68098DDAEC62F0503D45E |
SHA-256: | FA1D701EE83AFB14841553BB5715B3057A0B6B664CC3912534B3F17AC0C965C7 |
SHA-512: | F426D8613414550ECD3251D9E50FC4F1F703BB15BC9D96E4A74A7E969E039769985ECDC0617756FE85DEA07B793D05070AA9F7B3EC7C04280F2F54A9DE123FDD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 213027 |
Entropy (8bit): | 7.948399481754145 |
Encrypted: | false |
SSDEEP: | 6144:WBRGkODAZzMhFeWcgtl9h7AZIDRNX3WpYT5+vq/3+:WBRGtIYhcHgtlT7AZgzX3WpYd+Cf+ |
MD5: | B2CFE4E497E5425F37473132A266CAEE |
SHA1: | EB82E689BC8BA6A7F9E3EFC41E7285EB55FE2932 |
SHA-256: | 41EEE7653732F460B1B8EAF06CE15171993B4161B748690462B7B5F7C2D74E92 |
SHA-512: | 6D214462ED92A12C28B26C2D41B4439252089AAF7ECA4C855EF6795214EBA0BCA322FEA4E050414814D59C191948C07AED53E60236BB98740A6CE3DA664A973F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.99456518308567 |
TrID: |
|
File name: | IMP 7527518303 2507294.docx.doc |
File size: | 198'372 bytes |
MD5: | c8675988aa2bc47338861b4d62aa517d |
SHA1: | 67366589c5fbfa1153aa10a3d06b88d12719cdca |
SHA256: | 315b8754f30097fb04f76e09719a8415c53103a8c8abd6c7e988a918a2791476 |
SHA512: | 9ba648f7362f74b44c0a752af1d8ff96859bf6da820e3e5503a51548e1864b17c3783aec66017ad29d9e632793a6613c386f84b03fc6fa14b00001ca74d775b2 |
SSDEEP: | 3072:s3+eKSeRCX3Wp5STIrGvy3KJorM/+nKiTXcN7H4siQvIOKDS5QZV:s3peoX3WpYTvHqrM/jiTXgxvYeIV |
TLSH: | 6814227A523161D6CF6A05B11585CFAC5649402E28053AEBEF3067CFCCFBA7D5E79880 |
File Content Preview: | PK........BX.Z................[Content_Types].xmlUT...Y..gY..gY..g.VKk.@......^..v....9..1.4.....Z./v&...;k9..Tr.._$..{.c.]\..-^ .....j&..M...j.....".$....C-6..jy.i......=..#._........<G...".L+.U..V /f......SI.C,.wl ....Jt.......lC ...b:Q\..,]...5."6._.~' |
Icon Hash: | 35e1cc889a8a8599 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T12:00:40.599604+0200 | 1810005 | Joe Security ANOMALY Microsoft Office WebDAV Discovery | 1 | 192.168.2.24 | 60833 | 172.67.144.140 | 443 | TCP |
2025-04-02T12:00:42.919911+0200 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 60838 | 172.67.144.140 | 443 | TCP |
2025-04-02T12:00:43.414685+0200 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.24 | 60840 | 216.9.224.185 | 80 | TCP |
- Total Packets: 131
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 12:00:38.312674999 CEST | 52688 | 53 | 192.168.2.24 | 1.1.1.1 |
Apr 2, 2025 12:00:38.558067083 CEST | 53 | 52688 | 1.1.1.1 | 192.168.2.24 |
Apr 2, 2025 12:00:44.617645979 CEST | 52688 | 53 | 192.168.2.24 | 1.1.1.1 |
Apr 2, 2025 12:00:45.011636972 CEST | 53 | 52688 | 1.1.1.1 | 192.168.2.24 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 12:00:38.312674999 CEST | 192.168.2.24 | 1.1.1.1 | 0x9350 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 12:00:44.617645979 CEST | 192.168.2.24 | 1.1.1.1 | 0x86fb | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 12:00:37.672543049 CEST | 1.1.1.1 | 192.168.2.24 | 0xc9f9 | No error (0) | | s-0005.dual-s-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 2, 2025 12:00:37.672543049 CEST | 1.1.1.1 | 192.168.2.24 | 0xc9f9 | No error (0) | | | 52.123.129.14 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 12:00:37.672543049 CEST | 1.1.1.1 | 192.168.2.24 | 0xc9f9 | No error (0) | | | 52.123.128.14 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 12:00:38.558067083 CEST | 1.1.1.1 | 192.168.2.24 | 0x9350 | No error (0) | | | 172.67.144.140 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 12:00:38.558067083 CEST | 1.1.1.1 | 192.168.2.24 | 0x9350 | No error (0) | | | 104.21.47.51 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 12:00:45.011636972 CEST | 1.1.1.1 | 192.168.2.24 | 0x86fb | No error (0) | | | | PTR (Pointer record) | IN (0x0001) | false |
Apr 2, 2025 12:00:47.287020922 CEST | 1.1.1.1 | 192.168.2.24 | 0x6a7b | No error (0) | | a726.dscd.akamai.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 2, 2025 12:00:47.287020922 CEST | 1.1.1.1 | 192.168.2.24 | 0x6a7b | No error (0) | | | 23.219.161.152 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.24 | 60836 | 216.9.224.185 | 80 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 2, 2025 12:00:41.830538034 CEST | 454 | OUT | |
Apr 2, 2025 12:00:42.086951971 CEST | 323 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.24 | 60840 | 216.9.224.185 | 80 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 2, 2025 12:00:43.166783094 CEST | 334 | OUT | |
Apr 2, 2025 12:00:43.414607048 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414628983 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414644003 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414659023 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414673090 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414689064 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414704084 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414721012 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414736986 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.414753914 CEST | 1254 | IN | |
Apr 2, 2025 12:00:43.664691925 CEST | 1254 | IN | |
Apr 2, 2025 12:00:45.305079937 CEST | 334 | OUT | |
Apr 2, 2025 12:00:45.576210976 CEST | 322 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.24 | 60832 | 172.67.144.140 | 443 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 10:00:39 UTC | 324 | OUT | |
2025-04-02 10:00:39 UTC | 1021 | IN | |
2025-04-02 10:00:39 UTC | 13 | IN | |
2025-04-02 10:00:39 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.24 | 60833 | 172.67.144.140 | 443 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 10:00:39 UTC | 227 | OUT | |
2025-04-02 10:00:40 UTC | 1020 | IN | |
2025-04-02 10:00:40 UTC | 13 | IN | |
2025-04-02 10:00:40 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.24 | 60834 | 172.67.144.140 | 443 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 10:00:40 UTC | 310 | OUT | |
2025-04-02 10:00:41 UTC | 1204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.24 | 60838 | 172.67.144.140 | 443 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 10:00:42 UTC | 190 | OUT | |
2025-04-02 10:00:42 UTC | 1194 | IN | |
2025-04-02 10:00:42 UTC | 175 | IN | |
2025-04-02 10:00:42 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.24 | 60843 | 172.67.144.140 | 443 | 7312 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 10:00:44 UTC | 213 | OUT | |
2025-04-02 10:00:45 UTC | 1196 | IN |
Target ID: | 1 |
Start time: | 06:00:33 |
Start date: | 02/04/2025 |
Path: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f51c0000 |
File size: | 1'637'952 bytes |
MD5 hash: | A9F0EC89897AC6C878D217DFB64CA752 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |