Windows
Analysis Report
November 14.docx
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2728 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- chrome.exe (PID: 1552 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 6ACAE527E744C80997B25EF2A0485D5E)
- chrome.exe (PID: 972 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1072,15074013449318184513,6246681292651001585,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1468 /prefetch:8 MD5: 6ACAE527E744C80997B25EF2A0485D5E)
- AcroRd32.exe (PID: 3448 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Downloads\BILLS-117hres1465ih.pdf MD5: 2F8D93826B8CBF9290BC57535C7A6817)
- RdrCEF.exe (PID: 3720 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)
- chrome.exe (PID: 2088 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://www.congress.gov/117/bills/hres1465/BILLS-117hres1465ih.pdf MD5: 6ACAE527E744C80997B25EF2A0485D5E)
- cleanup
There are no malicious signatures.
Source: | File opened: |
Source: | IP Address: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | File created: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | Process created: |
Source: | File read: |
Source: | LNK file: |
Source: | File created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 172.217.23.109 | true | false | high | |
www.congress.gov | 104.16.173.252 | true | false | high | |
clients.l.google.com | 142.250.185.174 | true | false | high | |
clients2.google.com | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
104.16.173.252 | www.congress.gov | United States | 13335 | CLOUDFLARENETUS | false |
172.217.23.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.255 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 746872 |
Start date and time: | 2022-11-15 20:21:18 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | November 14.docx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 2 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.winDOCX@42/18@5/6 |
EGA Information: | Failed |
HDC Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, vga.dll
- Excluded IPs from analysis (whitelisted): 142.250.185.99, 34.104.35.123, 184.30.20.134, 80.67.82.80, 80.67.82.97, 142.250.74.195
- Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, update.googleapis.com, clientservices.googleapis.com, www.gstatic.com, acroipm2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
- VT rate limit hit for: November 14.docx
Time | Type | Description |
---|---|---|
20:21:59 | API Interceptor | |
20:22:04 | API Interceptor |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-221116042206Z-203.bmp
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.9007140805921954 |
Encrypted: | false |
SSDEEP: | 96:ZhPMntPOVMfZ8oZloPMHk7jfPmgvPPD2vQ19IbIdRT1AUinO6zWuLzzfottaaMhL:Zq9Vb8jxiC9kCAU4yjQD |
MD5: | 02D1B6323D8DE5CA029EF574435FC355 |
SHA1: | 923251FC2836436946BDB13CC90D0758D5B4AED6 |
SHA-256: | 191040E472BADDFE1AE48B5E084223D93044C10A229E6D930243B47B20D48166 |
SHA-512: | 5C346610E997BA4F82CCCEC7D8E522C3C39A958E1E97D9CDCEFF8129A386EBC0D017498B431B8F4FF26D6F01BE26FB87145A87EB4B0E3B4B0CF78308EEFA1C80 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 3.5760409882820294 |
Encrypted: | false |
SSDEEP: | 384:neh9dTh0tELJ8DAcLKuZsLRGlKhsvXh+vSc:xAeZsLQhUSc |
MD5: | 981ED7F4EEC7EFDC99C342186CEB5AC3 |
SHA1: | B337F6BC39B96311353933A0ACD0EB8F9391BB22 |
SHA-256: | 25FFB57790034AD3C3A769C369E968156C077695B47CAAEB2235E3118DFBDAB5 |
SHA-512: | 8D45C0D09023AFB4963062B3593486EE2FF9DC9380BF0BCA343059E6BEBC6F435F85204ACEC43CE0DA5D82729CA0A20C1BED3234D066DA170B47EC53A2DDEA17 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.310199132463157 |
Encrypted: | false |
SSDEEP: | 48:7My2iomVmBsmom1CIiomCBszom1Nom1Aiom1RROiom1Com1pom17iomVKiommOq3:78Cm6rIf6uhnCK6d49IVXEBodRBkt |
MD5: | E5DAAFC0F423A0B946FA63F2318F903C |
SHA1: | 2C937A2C54C764DE55A24501B15BC89368E99CBE |
SHA-256: | 2294558F31DA7651C8F3AA6E325CC19E2EE59D8412AE0362BD49AEA40520A4D0 |
SHA-512: | 698D5723EE0C10FE3FDD2CDDF424F57648FBEAA14191006D7E6D41F975DC70C469C21538487E2AC072A5E1CD9C12B81572B2D32596A183C60E80586B4E9B5791 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3072 |
Entropy (8bit): | 2.8551502604787418 |
Encrypted: | false |
SSDEEP: | 24:r5Mx/XYKQvGJF7ursj/vv8dyITGFMLjo7j:1Ml2GL7msjHvBITGFMLjsj |
MD5: | B7B90A2777DC8523B1F31147A95F9410 |
SHA1: | C758DA594E25360FF5634676ADB46F341BE41DCC |
SHA-256: | F577E3086403E3A77E5B2DFC30C9B7F4059B062DA1C95E32E6C925C3EB9CE55C |
SHA-512: | 0789635B052EC81B32C0E2D16363FD4EFC225F936D3C37E5F2CFDC276D6A9CA3F871FDFA96A596B14093FAB99B2878082F093DBCEC0BEE41A86C3F32F0AA8787 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2576 |
Entropy (8bit): | 3.3397412153619084 |
Encrypted: | false |
SSDEEP: | 24:7+tHcvv8dyITGFMEwkq7i8+Px/XYKQvGJF7ursg:7MwvBITGFMEoi7l2GL7msg |
MD5: | EBA736ABA8855A155BC4FE84DE254A34 |
SHA1: | 1421CB9D91E30F41A4354D0AE6BEBE60AAD6EA87 |
SHA-256: | D81C5F782CF6CF5C18E65F955F5B1A3ECF416E0B178F25F6C21F7D0D17E68EE6 |
SHA-512: | B0565E4D186042E9255B6EA5006040AC0056401FAD2933AADF8AD1F79E255AE814B4C000DF04BB2350856CADFAC58948C6A3334070289E73CE185FE72F5217CC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{650A542E-C164-4C97-8328-4F5358A18406}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 1.4182412957141795 |
Encrypted: | false |
SSDEEP: | 12:rl3lTpFQ3Ifv4fv4CIfv4fv4CICICb77:rn |
MD5: | 4FCAA58D39931BEA065A67DB20F191E4 |
SHA1: | 750A652D984CBE027261CF8E841384B229A6AAD3 |
SHA-256: | 6D0A10022957A4B9D3F4A24CF255060CF8C558192E6603F69F2F1FBA1E43ECCA |
SHA-512: | C94A6B85BB94D3E1CAB8E8E507A8235B76BE013CBBBC0A64F0D21A5EEF7FE0AE338DCFBC1F7DC1A4B0AE28DD7B0C2A5DE526B30B0F4ACC82428CDF631ECE0AC6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{03EE5AE9-23C0-4D13-954B-42A460848B21}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19456 |
Entropy (8bit): | 4.343414412993246 |
Encrypted: | false |
SSDEEP: | 384:bksqynESOHeIRZQdmtZVOpd+Law7IIVaFYafnqi/iJsOsgzJTt7w+WoVDOo4h6v8:bksqmESOHeIRZQdmtCpd+Law7I8aFYaj |
MD5: | 0F1A139DAE03A9EF6F6DF325A24EF9E4 |
SHA1: | 3CA558C332D1858C82AA5D9B7A53A257B680AD30 |
SHA-256: | 5347B5BB7582140525B165F39C951E436D5F7FE11BF975B649DCEBE568152B51 |
SHA-512: | D1DA54155088C23EF32245316E91BD49368C4F863F0897B40A4B2C1DA2D541D35ECBBAA919F27651F95FD7A83FAA9B2EEFD4F37698632A5209871F7C19BD3E71 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{196E1EB9-5A31-4C9D-B584-2ED880BFB777}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.018229594818722 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOHR0zCSyAAO:IngVMre9T0HQIDmy9g06JX3R0zlX |
MD5: | FEB4B19F2B9329BEE8081155DF114282 |
SHA1: | 6146D5F49C509AB47D6DF3C3EE8793043147DD6D |
SHA-256: | 52212ED0AE707608808D5BAE0A0AAFC6004395F9C94962F663DCED8AE4457FFD |
SHA-512: | AB346C845DCBD1CA8A835DF3B14933D7CD968EBA749069995E25B105542888C4FBF24C788F18D0315BAEBBAA565B83A71692000727EFF9782B16FE5C5B231121 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.949125862393289 |
Encrypted: | false |
SSDEEP: | 12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF |
MD5: | ED3C1C40B68BA4F40DB15529D5443DEC |
SHA1: | 831AF99BB64A04617E0A42EA898756F9E0E0BCCA |
SHA-256: | 039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A |
SHA-512: | C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 4.5459544247882935 |
Encrypted: | false |
SSDEEP: | 12:8p5eQGvfC0gXg/XAlCPCHaXNBQtB/nPyX+WlDchY5i39icvbHLQzNDtZ3YilMMEH:8KQO/XT9SdqIhZ3kerERDv3qm1u7D |
MD5: | 0F80318CB8BB27E305144DFC6116077C |
SHA1: | 1F8032E628FE4F7666ABA203D5816CD847F82578 |
SHA-256: | F46195C0D0AEA4BC87BA1E0BE5F7D653DA933A9E1495111BFD7A4F576B1F002A |
SHA-512: | CA5CC9B3C242E6656B48CE24F1284EB133CBBE26FF00BD29FA2DD03C10D7EAED4B8526C5EE5D267C3D9C2EE885E18C53B81911B3B345D6D2A04D0728867D1730 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 4.63486544812866 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlz96yuW4omxWgKT1yuW4ov:bC48T9GJT9y |
MD5: | 4238C8B0CD44593E49F063BA97D4E5BF |
SHA1: | 4AE8B5943C66FDD122337527CC65A3DCEEEED6B2 |
SHA-256: | 89D2D173B8FCB5585AAEAC4234B611A4CC7066CAB1EA8550A34BBC48D37967BE |
SHA-512: | 2F06A17BE7E2019B7376AA96231267E1AE0637DF8FE85947E35B157D370A932BA301C25690774FB774C23B7EBC23CFF4C63E6D4A9926584370EF7545AA16EE78 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 230349 |
Entropy (8bit): | 7.774939809289016 |
Encrypted: | false |
SSDEEP: | 3072:96UI4mM0SPr/rL+nyyh1twyBmhMg7UAldre0oIuybVYWWhIw/BHQIZsrm90IagIe:UUICPrDinu/egghlIyWWv9Qy30vHGP |
MD5: | C67A3B5454155C757BD059C72C12C2F0 |
SHA1: | 92E1900EED13130A26F79ED65DDCEC28F954EFE4 |
SHA-256: | F92ECFF0909C188CB5060DFB5AC97A718F3E85169EE3D25EF286EFAF5848A31A |
SHA-512: | FAF231D4B81F01DE15DC1C2A5638672A5DB9EF8CF7438D91C15C6088F7BCADA614A1EA66A9B487783AEBD3BE828C5CB6A46C9C628212903D488F52D6FB277EC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 230349 |
Entropy (8bit): | 7.774939809289016 |
Encrypted: | false |
SSDEEP: | 3072:96UI4mM0SPr/rL+nyyh1twyBmhMg7UAldre0oIuybVYWWhIw/BHQIZsrm90IagIe:UUICPrDinu/egghlIyWWv9Qy30vHGP |
MD5: | C67A3B5454155C757BD059C72C12C2F0 |
SHA1: | 92E1900EED13130A26F79ED65DDCEC28F954EFE4 |
SHA-256: | F92ECFF0909C188CB5060DFB5AC97A718F3E85169EE3D25EF286EFAF5848A31A |
SHA-512: | FAF231D4B81F01DE15DC1C2A5638672A5DB9EF8CF7438D91C15C6088F7BCADA614A1EA66A9B487783AEBD3BE828C5CB6A46C9C628212903D488F52D6FB277EC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 230349 |
Entropy (8bit): | 7.774939809289016 |
Encrypted: | false |
SSDEEP: | 3072:96UI4mM0SPr/rL+nyyh1twyBmhMg7UAldre0oIuybVYWWhIw/BHQIZsrm90IagIe:UUICPrDinu/egghlIyWWv9Qy30vHGP |
MD5: | C67A3B5454155C757BD059C72C12C2F0 |
SHA1: | 92E1900EED13130A26F79ED65DDCEC28F954EFE4 |
SHA-256: | F92ECFF0909C188CB5060DFB5AC97A718F3E85169EE3D25EF286EFAF5848A31A |
SHA-512: | FAF231D4B81F01DE15DC1C2A5638672A5DB9EF8CF7438D91C15C6088F7BCADA614A1EA66A9B487783AEBD3BE828C5CB6A46C9C628212903D488F52D6FB277EC7 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.61410531291154 |
File name: | November 14.docx |
File size: | 23248 |
MD5: | 7210f674a1630d302d9475b0140c1456 |
SHA1: | 1503ef7acb67d092f08b582ef6f02b353c5f666d |
SHA256: | 92cb6c458b180b338265041f6bfe1fd0b132052e3623362d2d3908e7566b2982 |
SHA512: | 3ff0643228dbe29a2cdf62425897bfb27108bb83d870fc36d08694863daa07216a6342036e2aa0d5b0f0a4264fba670ffe0ebc6dc81178575f6f51ad76f7fe0a |
SSDEEP: | 384:SYWlRRugtWqnTc6ywravGltN5s+ORfNxt/ZtNNhgdi/30rba8mzgQcvF1B8j5uP7:ARugDTlyBEjORVxllNhgqGb7MgQcC5uj |
TLSH: | 57A2D138E086FC18D6B6497E896400FAF7400492FA52169F2E69F7DFCB605D3DB81A49 |
File Content Preview: | PK..........!.z!0:....-.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 15, 2022 20:22:47.463406086 CET | 192.168.2.22 | 8.8.8.8 | 0xd7e5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 15, 2022 20:22:47.468103886 CET | 192.168.2.22 | 8.8.8.8 | 0xb550 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 15, 2022 20:22:50.848573923 CET | 192.168.2.22 | 8.8.8.8 | 0xd7e5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 15, 2022 20:22:50.997791052 CET | 192.168.2.22 | 8.8.8.8 | 0xb550 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 15, 2022 20:22:51.803005934 CET | 192.168.2.22 | 8.8.8.8 | 0xea6c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 15, 2022 20:22:47.491434097 CET | 8.8.8.8 | 192.168.2.22 | 0xd7e5 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:47.491434097 CET | 8.8.8.8 | 192.168.2.22 | 0xd7e5 | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:47.496133089 CET | 8.8.8.8 | 192.168.2.22 | 0xb550 | No error (0) | 172.217.23.109 | A (IP address) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:50.868441105 CET | 8.8.8.8 | 192.168.2.22 | 0xd7e5 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:50.868441105 CET | 8.8.8.8 | 192.168.2.22 | 0xd7e5 | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:51.025991917 CET | 8.8.8.8 | 192.168.2.22 | 0xb550 | No error (0) | 172.217.23.109 | A (IP address) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:51.824985027 CET | 8.8.8.8 | 192.168.2.22 | 0xea6c | No error (0) | 104.16.173.252 | A (IP address) | IN (0x0001) | false | ||
Nov 15, 2022 20:22:51.824985027 CET | 8.8.8.8 | 192.168.2.22 | 0xea6c | No error (0) | 104.16.172.252 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49181 | 142.250.185.174 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-15 19:22:51 UTC | 0 | OUT | |
2022-11-15 19:22:51 UTC | 1 | IN | |
2022-11-15 19:22:51 UTC | 2 | IN | |
2022-11-15 19:22:51 UTC | 2 | IN | |
2022-11-15 19:22:51 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49182 | 172.217.23.109 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-15 19:22:51 UTC | 0 | OUT | |
2022-11-15 19:22:51 UTC | 1 | OUT | |
2022-11-15 19:22:51 UTC | 2 | IN | |
2022-11-15 19:22:51 UTC | 4 | IN | |
2022-11-15 19:22:51 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49184 | 104.16.173.252 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-15 19:22:52 UTC | 4 | OUT | |
2022-11-15 19:22:52 UTC | 5 | IN | |
2022-11-15 19:22:52 UTC | 6 | IN | |
2022-11-15 19:22:52 UTC | 6 | IN | |
2022-11-15 19:22:52 UTC | 8 | IN | |
2022-11-15 19:22:52 UTC | 9 | IN | |
2022-11-15 19:22:52 UTC | 10 | IN | |
2022-11-15 19:22:52 UTC | 12 | IN | |
2022-11-15 19:22:52 UTC | 13 | IN | |
2022-11-15 19:22:52 UTC | 14 | IN | |
2022-11-15 19:22:52 UTC | 16 | IN | |
2022-11-15 19:22:52 UTC | 17 | IN | |
2022-11-15 19:22:52 UTC | 18 | IN | |
2022-11-15 19:22:52 UTC | 20 | IN | |
2022-11-15 19:22:52 UTC | 21 | IN | |
2022-11-15 19:22:52 UTC | 22 | IN | |
2022-11-15 19:22:52 UTC | 24 | IN | |
2022-11-15 19:22:52 UTC | 25 | IN | |
2022-11-15 19:22:52 UTC | 26 | IN | |
2022-11-15 19:22:52 UTC | 28 | IN | |
2022-11-15 19:22:52 UTC | 29 | IN | |
2022-11-15 19:22:52 UTC | 30 | IN | |
2022-11-15 19:22:52 UTC | 32 | IN | |
2022-11-15 19:22:52 UTC | 33 | IN | |
2022-11-15 19:22:52 UTC | 34 | IN | |
2022-11-15 19:22:52 UTC | 36 | IN | |
2022-11-15 19:22:52 UTC | 37 | IN | |
2022-11-15 19:22:52 UTC | 38 | IN | |
2022-11-15 19:22:52 UTC | 39 | IN | |
2022-11-15 19:22:52 UTC | 41 | IN | |
2022-11-15 19:22:52 UTC | 42 | IN | |
2022-11-15 19:22:52 UTC | 44 | IN | |
2022-11-15 19:22:52 UTC | 45 | IN | |
2022-11-15 19:22:52 UTC | 46 | IN | |
2022-11-15 19:22:52 UTC | 48 | IN | |
2022-11-15 19:22:52 UTC | 49 | IN | |
2022-11-15 19:22:52 UTC | 50 | IN | |
2022-11-15 19:22:52 UTC | 52 | IN | |
2022-11-15 19:22:52 UTC | 53 | IN | |
2022-11-15 19:22:52 UTC | 54 | IN | |
2022-11-15 19:22:52 UTC | 56 | IN | |
2022-11-15 19:22:52 UTC | 57 | IN | |
2022-11-15 19:22:52 UTC | 58 | IN | |
2022-11-15 19:22:52 UTC | 60 | IN | |
2022-11-15 19:22:52 UTC | 64 | IN | |
2022-11-15 19:22:52 UTC | 68 | IN | |
2022-11-15 19:22:52 UTC | 69 | IN | |
2022-11-15 19:22:52 UTC | 73 | IN | |
2022-11-15 19:22:52 UTC | 77 | IN | |
2022-11-15 19:22:52 UTC | 81 | IN | |
2022-11-15 19:22:52 UTC | 85 | IN | |
2022-11-15 19:22:52 UTC | 89 | IN | |
2022-11-15 19:22:52 UTC | 94 | IN | |
2022-11-15 19:22:52 UTC | 98 | IN | |
2022-11-15 19:22:52 UTC | 101 | IN | |
2022-11-15 19:22:52 UTC | 105 | IN | |
2022-11-15 19:22:52 UTC | 109 | IN | |
2022-11-15 19:22:52 UTC | 113 | IN | |
2022-11-15 19:22:52 UTC | 117 | IN | |
2022-11-15 19:22:52 UTC | 121 | IN | |
2022-11-15 19:22:52 UTC | 126 | IN | |
2022-11-15 19:22:52 UTC | 130 | IN | |
2022-11-15 19:22:52 UTC | 133 | IN | |
2022-11-15 19:22:52 UTC | 137 | IN | |
2022-11-15 19:22:52 UTC | 141 | IN | |
2022-11-15 19:22:52 UTC | 145 | IN | |
2022-11-15 19:22:52 UTC | 149 | IN | |
2022-11-15 19:22:52 UTC | 153 | IN | |
2022-11-15 19:22:52 UTC | 158 | IN | |
2022-11-15 19:22:52 UTC | 162 | IN | |
2022-11-15 19:22:52 UTC | 165 | IN | |
2022-11-15 19:22:52 UTC | 169 | IN | |
2022-11-15 19:22:52 UTC | 173 | IN | |
2022-11-15 19:22:52 UTC | 177 | IN | |
2022-11-15 19:22:52 UTC | 181 | IN | |
2022-11-15 19:22:52 UTC | 185 | IN | |
2022-11-15 19:22:52 UTC | 190 | IN | |
2022-11-15 19:22:52 UTC | 194 | IN | |
2022-11-15 19:22:52 UTC | 197 | IN | |
2022-11-15 19:22:52 UTC | 201 | IN | |
2022-11-15 19:22:52 UTC | 205 | IN | |
2022-11-15 19:22:52 UTC | 209 | IN | |
2022-11-15 19:22:52 UTC | 213 | IN | |
2022-11-15 19:22:52 UTC | 217 | IN | |
2022-11-15 19:22:52 UTC | 229 | IN | |
2022-11-15 19:22:52 UTC | 231 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49191 | 142.250.185.174 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-15 19:22:55 UTC | 231 | OUT | |
2022-11-15 19:22:56 UTC | 232 | IN | |
2022-11-15 19:22:56 UTC | 233 | IN | |
2022-11-15 19:22:56 UTC | 233 | IN | |
2022-11-15 19:22:56 UTC | 233 | IN | |
Target ID: | 0 |
Start time: | 20:21:18 |
Start date: | 15/11/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f090000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 20:21:48 |
Start date: | 15/11/2022 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f7d0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 4 |
Start time: | 20:21:49 |
Start date: | 15/11/2022 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f7d0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 7 |
Start time: | 20:21:50 |
Start date: | 15/11/2022 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f7d0000 |
File size: | 1820656 bytes |
MD5 hash: | 6ACAE527E744C80997B25EF2A0485D5E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 8 |
Start time: | 20:21:59 |
Start date: | 15/11/2022 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x220000 |
File size: | 2525680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 9 |
Start time: | 20:22:04 |
Start date: | 15/11/2022 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 9805808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |