Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | 17.0.0 |
Analysis ID: | 204166 |
Start time: | 14:53:38 |
Joe Sandbox Product: | Cloud |
Start date: | 11.01.2017 |
Overall analysis duration: | 0h 18m 20s |
Report type: | full |
Sample file name: | ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a (renamed file extension from none to doc) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 44, Firefox 36) |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 27 |
Technologies |
|
Detection: | MAL |
Classification: | mal100.evad.expl.rans.phis.spyw.bank.troj.winDOC@9/17@21/5 |
HCA Information: |
|
EGA Information: |
|
Cookbook Comments: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 100 | 0 - 100 | Report FP / FN |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
Sample HTTP request are all non existing, likely the sample is no longer working |
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely requires more UI automation |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
Sample sleeps for a long time, analyze it with the 'Bypass long sleeps' cookbook |
Signature Overview |
---|
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315BA85 | |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03154086 | |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315BA60 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EBA60 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EBA85 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003E4086 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124BA60 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124BA85 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_01244086 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_01274086 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127BA60 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127BA85 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_00384086 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038BA85 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038BA60 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D44086 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4BA85 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4BA60 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010BA85 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_00104086 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010BA60 |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionality to import cryptographic keys (often used in ransomware) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315BA85 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EBA85 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124BA85 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127BA85 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038BA85 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4BA85 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010BA85 |
E-Banking Fraud: |
---|
Registers a new ROOT certificate | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315289B |
Software Vulnerabilities: |
---|
Potential document exploit detected (performs DNS queries) | Show sources |
Source: global traffic | DNS query: |
Potential document exploit detected (performs HTTP gets) | Show sources |
Source: global traffic | TCP traffic: |
Potential document exploit detected (unknown TCP traffic) | Show sources |
Source: global traffic | TCP traffic: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process created: |
Networking: |
---|
Urls found in memory or binary data | Show sources |
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: spoolsv.exe | String found in binary or memory: | ||
Source: explorer.exe, conhost.exe | String found in binary or memory: | ||
Source: WINWORD.EXE, explorer.exe | String found in binary or memory: | ||
Source: lsass.exe | String found in binary or memory: | ||
Source: explorer.exe | String found in binary or memory: |
Contains functionality to download additional files from the internet | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03154256 |
Downloads files from webservers via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Found strings which match to known social media urls | Show sources |
Source: explorer.exe | String found in binary or memory: | ||
Source: explorer.exe | String found in binary or memory: | ||
Source: explorer.exe | String found in binary or memory: | ||
Source: lsass.exe | String found in binary or memory: | ||
Source: lsass.exe | String found in binary or memory: | ||
Source: lsass.exe | String found in binary or memory: |
Performs DNS lookups | Show sources |
Source: unknown | DNS traffic detected: |
Posts data to webserver | Show sources |
Source: unknown | HTTP traffic detected: |
Tries to download non-existing http data (HTTP/1.1 404 Not Found) | Show sources |
Source: global traffic | HTTP traffic detected: |
Downloads executable code via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Uses a known web browser user agent for HTTP communication | Show sources |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Found C&C like URL pattern | Show sources |
Source: global traffic | HTTP traffic detected: |
May check the online IP address of the machine | Show sources |
Source: unknown | DNS query: |
Tries to resolve many domain names, but no domain seems valid | Show sources |
Source: unknown | DNS traffic detected: | ||
Source: unknown | DNS traffic detected: |
Boot Survival: |
---|
Creates an autostart registry key | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Registry value created or modified: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Registry value created or modified: |
Creates or modifies windows services | Show sources |
Source: C:\Windows\System32\svchost.exe | Registry key created: |
Modifies existing windows services | Show sources |
Source: C:\Windows\System32\svchost.exe | Registry key value modified: |
Creates autostart registry keys with suspicious names | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Registry value created or modified: |
Stealing of Sensitive Information: |
---|
Searches for user specific document files | Show sources |
Source: C:\Windows\explorer.exe | Key value created or modified: | ||
Source: C:\Windows\explorer.exe | Key value created or modified: |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: C:\Windows\explorer.exe | File opened: | ||
Source: C:\Windows\explorer.exe | File opened: | ||
Source: C:\Windows\explorer.exe | File opened: |
Tries to harvest and steal ftp login credentials | Show sources |
Source: C:\Windows\explorer.exe | File opened: | ||
Source: C:\Windows\explorer.exe | File opened: |
Tries to steal Mail credentials | Show sources |
Source: C:\Windows\explorer.exe | Key opened: | ||
Source: C:\Windows\explorer.exe | Key opened: | ||
Source: C:\Windows\explorer.exe | Key opened: | ||
Source: C:\Windows\explorer.exe | Key opened: |
Persistence and Installation Behavior: |
---|
Drops PE files | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | File created: | ||
Source: C:\Windows\explorer.exe | File created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315B416 |
Generates new code (likely due to unpacking of malware or shellcode) | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code execution: |
PE file contains an invalid checksum | Show sources |
Source: RebRonr.exe.3172.dr | Static PE information: | ||
Source: BN3918.tmp.2492.dr | Static PE information: |
Uses code obfuscation techniques (call, push, ret) | Show sources |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EB4B4 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124B4B4 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127B4B4 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_005915BC | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_00594502 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038B4B4 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4B4B4 | |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Code function: | 12_2_0033028D | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010B4B4 |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_031596C8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003E96C8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_100068C0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10004DF4 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10007241 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10004A84 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000419E | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000673C | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_012496C8 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_012796C8 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_003896C8 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D496C8 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_001096C8 |
Enumerates the file system | Show sources |
Source: C:\Windows\explorer.exe | File opened: | ||
Source: C:\Windows\explorer.exe | File opened: |
System Summary: |
---|
Executable creates window controls seldom found in malware | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Window found: |
Found graphical window changes (likely an installer) | Show sources |
Source: Window Recorder | Window detected: |
Checks if Microsoft Office is installed | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key opened: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: |
Document has a 'bytes' value indicative for goodware | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | Initial sample: |
Binary contains device paths (device paths are often used for kernel mode <-> user mode communication) | Show sources |
Source: System.evtx.648.dr | Binary string: | ||
Source: System.evtx.648.dr | Binary string: |
Binary contains paths to development resources | Show sources |
Source: WINWORD.EXE | Binary or memory string: |
Classification label | Show sources |
Source: classification engine | Classification label: |
Contains functionality to adjust token privileges (e.g. debug / backup) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315A564 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EA564 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10002941 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124A564 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127A564 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038A564 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4A564 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010A564 |
Contains functionality to enum processes or threads | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03159B04 |
Contains functionality to instantiate COM classes | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03156647 |
Contains functionality to load and extract PE file embedded resources | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_004011E8 |
Creates files inside the user directory | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Creates temporary files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Document contains an OLE Word Document stream indicating a Microsoft Word file | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | OLE indicator, Word Document stream: |
Document contains summary information with irregular field values | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | OLE document summary: | ||
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | OLE document summary: |
Found command line output | Show sources |
Source: C:\Windows\System32\cmd.exe | Console Write: |
Might use command line arguments | Show sources |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Command line argument: | 5_1_004013D0 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Command line argument: | 5_1_004013D0 |
Queries process information (via WMI, Win32_Process) | Show sources |
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: | ||
Source: C:\Windows\System32\svchost.exe | WMI Queries: |
Reads ini files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File read: |
Reads software policies | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key opened: |
Sample is known by Antivirus (Virustotal or Metascan) | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | Virustotal: |
Spawns processes | Show sources |
Source: unknown | Process created: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process created: | ||
Source: C:\Windows\explorer.exe | Process created: | ||
Source: C:\Windows\System32\services.exe | Process created: |
Uses an in-process (OLE) Automation server | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key value queried: |
Contains functionality to communicate with device drivers | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315B29A |
Creates mutexes | Show sources |
Source: C:\Windows\System32\dwm.exe | Mutant created: | ||
Source: C:\Windows\explorer.exe | Mutant created: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Mutant created: |
Document contains embedded VBA macros | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | OLE indicator, VBA macros: |
Found potential string decryption / allocating functions | Show sources |
Source: C:\Windows\explorer.exe | Code function: |
Reads the hosts file | Show sources |
Source: C:\Windows\explorer.exe | File read: |
Antivirus detection for domain | Show sources |
Source: api.ipify.org | AutoShun: | ||
Source: tinhorecrin.com | BitDefender: | ||
Source: tinhorecrin.com | Malwarebytes hpHosts: | ||
Source: www.mi4nd.com | BitDefender: | ||
Source: www.mi4nd.com | Emsisoft: | ||
Source: www.mi4nd.com | Quick Heal: | ||
Source: www.mi4nd.com | Malwarebytes hpHosts: | ||
Source: www.mi4nd.com | Quttera: | ||
Source: www.worstofbreed.net | BitDefender: | ||
Source: www.worstofbreed.net | Emsisoft: | ||
Source: www.worstofbreed.net | Fortinet: | ||
Source: www.worstofbreed.net | Quick Heal: | ||
Source: www.worstofbreed.net | Malwarebytes hpHosts: | ||
Document contains an embedded VBA macro which executes code when the document is opened / closed | Show sources |
Source: ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc | OLE, VBA macro line: | |||
Source: VBA code instrumentation | OLE, VBA macro: | Name: Document_Open |
Document contains an embedded VBA macro which may execute processes | Show sources |
Document contains an embedded VBA macro with suspicious strings | Show sources |
Document contains an embedded VBA with base64 encoded strings | Show sources |
Source: VBA code instrumentation | OLE, VBA macro: |
Launches a second explorer.exe instance | Show sources |
Source: unknown | Process created: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process created: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Contains functionality to create a new security descriptor | Show sources |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10002EF5 |
May try to detect the Windows Explorer process (often used for injection) | Show sources |
Source: explorer.exe | Binary or memory string: |
Contains functionality to execute programs as a different user | Show sources |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000B56A |
Allocates memory in foreign processes | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Memory allocated: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Memory allocated: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Memory allocated: |
Changes memory attributes in foreign processes to executable or writable |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Memory protected: |
Contains functionality to inject code into remote processes |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_053D0E86 |
Creates a thread in another existing process (thread injection) |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Thread created: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Thread created: |
Injects a PE file into a foreign processes |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Memory written: |
Injects code into the Windows Explorer (explorer.exe) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Memory written: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Memory written: |
Maps a DLL or memory area into another process |
Source: C:\Windows\System32\csrss.exe | Section loaded: |
Modifies the context of a thread in another process (thread injection) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Thread register set: |
Writes to foreign memory regions |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Memory written: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Memory written: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Memory written: | ||
Source: C:\Windows\System32\csrss.exe | Memory written: |
Benign windows process drops PE files |
Source: C:\Windows\explorer.exe | File created: |
System process connects to network (likely due to code injection or exploit) |
Source: C:\Windows\explorer.exe | Network Connect: |
Anti Debugging: |
---|
Contains functionality to register its own exception handler |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315AEA1 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003EAEA1 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_004030E1 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000B836 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0124AEA1 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0127AEA1 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_1_0040D08F | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_1_004071DB | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_1_0041368B | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0038AEA1 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D4AEA1 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0010AEA1 |
Creates guard pages, often used to prevent reverse engineering and debugging |
Source: C:\Windows\System32\svchost.exe | Memory protected: |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: C:\Windows\explorer.exe | System information queried: |
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Source: C:\Windows\explorer.exe | Code function: | 1_2_00402C78 |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03159B04 |
Contains functionality to dynamically determine API calls |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0315B416 |
Contains functionality to read the PEB |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_0312061B | |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03120618 | |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_053D0E86 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10009F63 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_0062061B | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_00620618 | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_0040061B | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_00400618 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_00590AAF | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_00590000 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_005906A7 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_01210000 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_01210408 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_0124061B | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_01240618 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_0035061B | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_00350618 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00BC061B | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00BC0618 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_0006061B | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_00060618 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03159882 |
Enables debug privileges |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process token adjusted: | ||
Source: C:\Windows\explorer.exe | Process token adjusted: | ||
Source: C:\Windows\System32\cmd.exe | Process token adjusted: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Process token adjusted: | ||
Source: C:\Windows\System32\dwm.exe | Process token adjusted: | ||
Source: C:\Windows\System32\conhost.exe | Process token adjusted: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Process token adjusted: |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_031596C8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_003E96C8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_100068C0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10004DF4 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10007241 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_10004A84 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000419E | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_1000673C | |
Source: C:\Windows\System32\cmd.exe | Code function: | 3_2_012496C8 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_2_012796C8 | |
Source: C:\Windows\System32\dwm.exe | Code function: | 10_2_003896C8 | |
Source: C:\Windows\explorer.exe | Code function: | 11_2_00D496C8 | |
Source: C:\Windows\System32\conhost.exe | Code function: | 13_2_001096C8 |
Contains functionality to query system information |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03158E7D |
Queries a list of all running processes |
Source: C:\Windows\explorer.exe | Process information queried: |
Checks the free space of harddrives |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File Volume queried: |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03159B04 |
Contains long sleeps (>= 3 min) |
Source: C:\Windows\explorer.exe | Thread delayed: |
Enumerates the file system |
Source: C:\Windows\explorer.exe | File opened: |
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) |
Source: C:\Windows\explorer.exe | Window / User API: |
Found dropped PE file which has not been started or loaded |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Dropped PE file which has not been started: | ||
Source: C:\Windows\explorer.exe | Dropped PE file which has not been started: |
Found evasive API chain (may stop execution after accessing registry keys) |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Evasive API call chain: | graph_5-19080 |
Found large amount of non-executed APIs |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | API coverage: | ||
Source: C:\Windows\System32\cmd.exe | API coverage: | ||
Source: C:\Windows\System32\dwm.exe | API coverage: | ||
Source: C:\Windows\explorer.exe | API coverage: | ||
Source: C:\Windows\System32\conhost.exe | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\Windows\explorer.exe TID: 2376 | Thread sleep time: | ||
Source: C:\Windows\explorer.exe TID: 1600 | Thread sleep time: | ||
Source: C:\Windows\explorer.exe TID: 1948 | Thread sleep count: | ||
Source: C:\Windows\explorer.exe TID: 1948 | Thread sleep time: | ||
Source: C:\Windows\explorer.exe TID: 320 | Thread sleep count: | ||
Source: C:\Windows\explorer.exe TID: 3000 | Thread sleep count: | ||
Source: C:\Windows\explorer.exe TID: 3000 | Thread sleep time: | ||
Source: C:\Windows\explorer.exe TID: 3784 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2916 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2336 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 3444 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiApSrv.exe TID: 2860 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 1028 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 640 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 2644 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 3192 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 2356 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 1540 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiApSrv.exe TID: 3240 | Thread sleep time: | ||
Source: C:\Windows\System32\wbem\WmiApSrv.exe TID: 1288 | Thread sleep time: |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messsages (SetErrorMode) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process information set: | ||
Source: C:\Windows\explorer.exe | Process information set: | ||
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Process information set: | ||
Source: C:\Windows\System32\services.exe | Process information set: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Modifies Internet Explorer zone settings |
Source: C:\Windows\explorer.exe | Registry key created or modified: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03158B19 |
Contains functionality to query the account / user name |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03158E08 |
Contains functionality to query windows version |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Code function: | 0_2_03158C11 |
Queries the cryptographic machine GUID |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key value queried: |
Contains functionality locales information (e.g. system language) |
Source: C:\Windows\explorer.exe | Code function: | 1_2_100044F3 | |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_1_00411050 |
Contains functionality to detect query CPU information (cpuid) |
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Code function: | 5_1_0040B9A8 |
Queries the volume information (name, serial number etc) of a device |
Source: C:\Windows\explorer.exe | Queries volume information: | ||
Source: C:\Windows\System32\cmd.exe | Queries volume information: | ||
Source: C:\Users\MATTBR~1\AppData\Local\Temp\BN3918.tmp | Queries volume information: | ||
Source: C:\Windows\System32\dwm.exe | Queries volume information: | ||
Source: C:\Windows\System32\conhost.exe | Queries volume information: |
Yara Overview |
---|
No Yara matches |
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
www.mi4nd.com | 206.196.99.49 | true |
solohaly.ru | 80.78.251.134 | true |
api.ipify.org | 54.243.89.142 | true |
www.worstofbreed.net | 178.77.97.61 | true |
tinhorecrin.com | unknown | unknown |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
178.77.97.61 | Germany | 20773 | HostEuropeGmbH |
54.243.89.142 | United States | 14618 | AmazoncomInc |
206.196.99.49 | United States | 6428 | CDM |
8.8.8.8 | United States | 15169 | GoogleInc |
80.78.251.134 | Russian Federation | 43146 | AgavaLtd |
Static File Info |
---|
General | |
---|---|
File type: | 0 |
TrID: |
|
File name: | ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc |
File size: | 188416 |
MD5: | 85965f7ce5e44f1836ebcaff4a8aef31 |
SHA1: | 3e9257ae34ef65b346effddba8607e3853073489 |
SHA256: | ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a |
SHA512: | fdbd5fe4ef801b49a7dd5d4452f9fbf2d31eb77074886dc4fd0ebb0ff03e92e14839ef8248681727c254585a883d7fcee56bf0125796a9cd8bb2962cb5bea7b8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "ad89a7ca5869cb6ea153be32740e6fe4c2fae06383c4680560cc3dd861c2a77a.doc" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Title: | |
Subject: | |
Author: | Emily |
Keywords: | |
Comments: | |
Template: | Normal.dot |
Last Saved By: | Windows |
Revision Number: | 1 |
Total Edit Time: | 0 |
Create Time: | 2017-01-09 12:42:00 |
Last Saved Time: | 2017-01-09 12:42:00 |
Number of Pages: | 1 |
Number of Words: | 0 |
Number of Characters: | 2 |
Creating Application: | Microsoft Office Word |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Number of Bytes: | 11000 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 726502 |
Streams with VBA |
---|
VBA File Name: ThisDocument.cls, Stream Size: 10665 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 10665 |
VBA File Name: nanosecond.frm, Stream Size: 1161 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/nanosecond |
VBA File Name: | nanosecond.frm |
Stream Size: | 1161 |
VBA File Name: stannary.bas, Stream Size: 19456 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/stannary |
VBA File Name: | stannary.bas |
Stream Size: | 19456 |
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 113 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 113 |
Entropy: | 4.34494072836 |
Base64 Encoded: | False |
Stream Path: \x5DocumentSummaryInformation, File Type: FoxPro FPT, blocks size 512, next free block index 4278124544, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | FoxPro FPT, blocks size 512, next free block index 4278124544 |
Stream Size: | 4096 |
Entropy: | 0.280504203193 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: FoxPro FPT, blocks size 512, next free block index 4278124544, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | FoxPro FPT, blocks size 512, next free block index 4278124544 |
Stream Size: | 4096 |
Entropy: | 0.455611905059 |
Base64 Encoded: | False |
Stream Path: 1Table, File Type: FoxPro FPT, blocks size 256, next free block index 2248281856, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | 1Table |
File Type: | FoxPro FPT, blocks size 256, next free block index 2248281856 |
Stream Size: | 4096 |
Entropy: | 2.09527455105 |
Base64 Encoded: | False |
Stream Path: Data, File Type: dBase IV DBT, blocks size 6553668, next free block index 30694, Stream Size: 30694 |
---|
General | |
---|---|
Stream Path: | Data |
File Type: | dBase IV DBT, blocks size 6553668, next free block index 30694 |
Stream Size: | 30694 |
Entropy: | 5.32591532547 |
Base64 Encoded: | True |
Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 535 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 535 |
Entropy: | 5.37243790997 |
Base64 Encoded: | True |
Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 101 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECTwm |
File Type: | data |
Stream Size: | 101 |
Entropy: | 3.18089953017 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 8279 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 8279 |
Entropy: | 5.06379562399 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 850 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 850 |
Entropy: | 6.48591996589 |
Base64 Encoded: | True |
Stream Path: Macros/nanosecond/\x1CompObj, File Type: data, Stream Size: 97 |
---|
General | |
---|---|
Stream Path: | Macros/nanosecond/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.61064918306 |
Base64 Encoded: | False |
Stream Path: Macros/nanosecond/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 296 |
---|
General | |
---|---|
Stream Path: | Macros/nanosecond/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 296 |
Entropy: | 4.61625260717 |
Base64 Encoded: | True |
Stream Path: Macros/nanosecond/f, File Type: data, Stream Size: 98 |
---|
General | |
---|---|
Stream Path: | Macros/nanosecond/f |
File Type: | data |
Stream Size: | 98 |
Entropy: | 3.20375372043 |
Base64 Encoded: | False |
Stream Path: Macros/nanosecond/o, File Type: data, Stream Size: 15528 |
---|
General | |
---|---|
Stream Path: | Macros/nanosecond/o |
File Type: | data |
Stream Size: | 15528 |
Entropy: | 5.73609999585 |
Base64 Encoded: | True |
Stream Path: WordDocument, File Type: data, Stream Size: 81011 |
---|
General | |
---|---|
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 81011 |
Entropy: | 7.48442789585 |
Base64 Encoded: | True |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 11, 2017 14:55:43.871156931 CET | 53 | 60040 | 8.8.8.8 | 192.168.1.80 |
Jan 11, 2017 14:55:46.977377892 CET | 80 | 49311 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:46.977673054 CET | 49311 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:51.141689062 CET | 65174 | 53 | 192.168.1.80 | 8.8.8.8 |
Jan 11, 2017 14:55:51.287399054 CET | 53 | 65174 | 8.8.8.8 | 192.168.1.80 |
Jan 11, 2017 14:55:53.528695107 CET | 49707 | 53 | 192.168.1.80 | 8.8.8.8 |
Jan 11, 2017 14:55:53.809457064 CET | 53 | 49707 | 8.8.8.8 | 192.168.1.80 |
Jan 11, 2017 14:55:53.810125113 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:53.810153008 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:53.810229063 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:53.810427904 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:53.810441971 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:53.810535908 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:53.810549021 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:54.192636013 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:54.192703009 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:54.192836046 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:54.208250046 CET | 49314 | 80 | 192.168.1.80 | 80.78.251.134 |
Jan 11, 2017 14:55:54.208280087 CET | 80 | 49314 | 80.78.251.134 | 192.168.1.80 |
Jan 11, 2017 14:55:54.613734007 CET | 49313 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.614481926 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.614522934 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.614609957 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.615046978 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.615073919 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.752580881 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.752589941 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.752593994 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.752686977 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.770047903 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.770091057 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.770111084 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.770236969 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.787354946 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.787406921 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.787415981 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.787590027 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.787616968 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.787683010 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.787720919 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.788244009 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.790338039 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.790363073 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.790380001 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.790510893 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.802757025 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.802792072 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.802802086 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.802975893 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.802995920 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.803087950 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.803123951 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.803575993 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.804760933 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.804780960 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.804799080 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.804852962 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.804862022 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.805027008 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.805064917 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.805565119 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.821147919 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.821429968 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.822505951 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.822542906 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.822576046 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.822626114 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.823400974 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.823501110 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.823534012 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.823551893 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.823648930 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.825310946 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.825530052 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.827038050 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.827069044 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.827085972 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.827322006 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.828949928 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.829190969 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.830760002 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.830786943 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.830800056 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.831036091 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.833189011 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.833395004 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.834685087 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.834724903 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.834738016 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.834940910 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.842848063 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.842884064 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.842900038 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.843120098 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.846330881 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.846364975 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.846375942 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.846575022 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.847889900 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.847915888 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.848083019 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.849986076 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.850224018 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.852441072 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.852474928 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.852503061 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.852710009 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.857753992 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.857796907 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.857801914 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.858032942 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.860560894 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.860585928 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.860595942 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.860775948 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.861138105 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.861159086 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.861169100 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.861344099 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.863974094 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.864182949 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.864713907 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.864744902 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.864756107 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.864950895 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.865547895 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.865581989 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.865598917 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.865792990 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.866125107 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.866295099 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.866861105 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.866890907 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.866900921 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.867053986 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.867367983 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.867557049 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.868953943 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.868985891 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.868997097 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.869210958 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.870049953 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.870268106 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.871200085 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.871223927 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.871237993 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.871392965 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.872585058 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.872618914 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.872634888 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.872797012 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.935002089 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935045004 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935060024 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935273886 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.935314894 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935340881 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935357094 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935461998 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.935518980 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935539961 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935551882 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:54.935607910 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:54.977838039 CET | 49313 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.034872055 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.034924984 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.034934998 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.035094023 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.035111904 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.035257101 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.035293102 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.035784006 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.135399103 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135421038 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135428905 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135529995 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135540962 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135555983 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135564089 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135571003 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.135607004 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.135629892 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.136003017 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.234858990 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.234890938 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.234899044 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.234981060 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.234992981 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.235202074 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.235250950 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.235714912 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.335186958 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335325956 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335338116 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335345984 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335352898 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335380077 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.335419893 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.335445881 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.336643934 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.435684919 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435699940 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435707092 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435767889 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435777903 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435851097 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435861111 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435867071 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.435904026 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.435920000 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.436499119 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.535248995 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.535290003 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.535309076 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.535468102 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.535496950 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.535511017 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.535545111 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.536011934 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.571382999 CET | 49313 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.634885073 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.634915113 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.634928942 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635164022 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.635166883 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635189056 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635200024 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635215998 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635231018 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635243893 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635333061 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.635361910 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.635582924 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.635663033 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.735548019 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.735574961 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.735584021 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.735682964 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.735699892 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.735925913 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.735964060 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.736434937 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.834950924 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835129976 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835141897 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835146904 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835167885 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835232019 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.835275888 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.835721016 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.935506105 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935537100 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935549974 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935656071 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935674906 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935728073 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935808897 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.935843945 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935868025 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935894012 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.935992956 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.936017990 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:55.936240911 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:55.936321020 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.035231113 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035255909 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035274982 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035370111 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035382032 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.035386086 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035403013 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.035991907 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.135632992 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135647058 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135654926 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135787010 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.135811090 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135828972 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135838985 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135862112 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135874987 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.135947943 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.135967016 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.136363029 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.235162973 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235189915 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235205889 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235306025 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235322952 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235491037 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.235529900 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.235969067 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.334609985 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.334779978 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.334799051 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.334811926 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.334822893 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.334846973 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.334899902 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.335335970 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.435200930 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435223103 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435230970 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435331106 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435344934 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435374022 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435391903 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.435415983 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435472965 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435486078 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435556889 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.435575008 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.435693979 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.435738087 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.534760952 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.534782887 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.534796000 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.534878016 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.534899950 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.534940004 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.534960032 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.535415888 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.635222912 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635441065 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635459900 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635461092 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.635474920 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635497093 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635513067 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.635602951 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.735842943 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.735868931 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.735878944 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.735965014 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.735979080 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736001015 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736017942 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736028910 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.736135006 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736145020 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736157894 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736227989 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.736247063 CET | 80 | 49315 | 178.77.97.61 | 192.168.1.80 |
Jan 11, 2017 14:55:56.736478090 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
Jan 11, 2017 14:55:56.736530066 CET | 49315 | 80 | 192.168.1.80 | 178.77.97.61 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 11, 2017 14:54:25.957855940 CET | 192.168.1.80 | 8.8.8.8 | 0xef2a | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:26.879842043 CET | 192.168.1.80 | 8.8.8.8 | 0x14e5 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:27.869821072 CET | 192.168.1.80 | 8.8.8.8 | 0x14e5 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:28.868186951 CET | 192.168.1.80 | 8.8.8.8 | 0x14e5 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:31.536072969 CET | 192.168.1.80 | 8.8.8.8 | 0xd1af | Standard query (0) | solohaly.ru | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:31.949189901 CET | 192.168.1.80 | 8.8.8.8 | 0xc98e | Standard query (0) | www.mi4nd.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:33.233813047 CET | 192.168.1.80 | 8.8.8.8 | 0x416 | Standard query (0) | www.worstofbreed.net | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:34.945146084 CET | 192.168.1.80 | 8.8.8.8 | 0x592 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:42.345592976 CET | 192.168.1.80 | 8.8.8.8 | 0x9391 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:49.733997107 CET | 192.168.1.80 | 8.8.8.8 | 0x301a | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:57.143470049 CET | 192.168.1.80 | 8.8.8.8 | 0x1f57 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:04.559442997 CET | 192.168.1.80 | 8.8.8.8 | 0x58b8 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:11.983508110 CET | 192.168.1.80 | 8.8.8.8 | 0x10a3 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:19.386703014 CET | 192.168.1.80 | 8.8.8.8 | 0x35a6 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:26.842533112 CET | 192.168.1.80 | 8.8.8.8 | 0x72ca | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:34.281660080 CET | 192.168.1.80 | 8.8.8.8 | 0xfa5a | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:35.275310040 CET | 192.168.1.80 | 8.8.8.8 | 0xfa5a | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:36.274554968 CET | 192.168.1.80 | 8.8.8.8 | 0xfa5a | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:43.716273069 CET | 192.168.1.80 | 8.8.8.8 | 0x69d1 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:51.141689062 CET | 192.168.1.80 | 8.8.8.8 | 0xce20 | Standard query (0) | tinhorecrin.com | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:53.528695107 CET | 192.168.1.80 | 8.8.8.8 | 0x1737 | Standard query (0) | solohaly.ru | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 11, 2017 14:54:26.306329966 CET | 8.8.8.8 | 192.168.1.80 | 0xef2a | No error (0) | api.ipify.org | | 54.243.89.142 | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:29.281256914 CET | 8.8.8.8 | 192.168.1.80 | 0x14e5 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:29.281316042 CET | 8.8.8.8 | 192.168.1.80 | 0x14e5 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:29.281347036 CET | 8.8.8.8 | 192.168.1.80 | 0x14e5 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:31.706415892 CET | 8.8.8.8 | 192.168.1.80 | 0xd1af | No error (0) | solohaly.ru | | 80.78.251.134 | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:32.127063990 CET | 8.8.8.8 | 192.168.1.80 | 0xc98e | No error (0) | www.mi4nd.com | | 206.196.99.49 | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:33.410739899 CET | 8.8.8.8 | 192.168.1.80 | 0x416 | No error (0) | www.worstofbreed.net | | 178.77.97.61 | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:35.078702927 CET | 8.8.8.8 | 192.168.1.80 | 0x592 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:42.477113962 CET | 8.8.8.8 | 192.168.1.80 | 0x9391 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:49.873848915 CET | 8.8.8.8 | 192.168.1.80 | 0x301a | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:54:57.304995060 CET | 8.8.8.8 | 192.168.1.80 | 0x1f57 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:04.723993063 CET | 8.8.8.8 | 192.168.1.80 | 0x58b8 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:12.132433891 CET | 8.8.8.8 | 192.168.1.80 | 0x10a3 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:19.586070061 CET | 8.8.8.8 | 192.168.1.80 | 0x35a6 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:27.010989904 CET | 8.8.8.8 | 192.168.1.80 | 0x72ca | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:36.472373009 CET | 8.8.8.8 | 192.168.1.80 | 0xfa5a | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:36.472469091 CET | 8.8.8.8 | 192.168.1.80 | 0xfa5a | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:36.472495079 CET | 8.8.8.8 | 192.168.1.80 | 0xfa5a | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:43.871156931 CET | 8.8.8.8 | 192.168.1.80 | 0x69d1 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:51.287399054 CET | 8.8.8.8 | 192.168.1.80 | 0xce20 | Server failure (2) | tinhorecrin.com | none | none | A (IP address) | IN (0x0001) |
Jan 11, 2017 14:55:53.809457064 CET | 8.8.8.8 | 192.168.1.80 | 0x1737 | No error (0) | solohaly.ru | | 80.78.251.134 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
Jan 11, 2017 14:54:26.331377983 CET | 49310 | 80 | 192.168.1.80 | 54.243.89.142 | 0 | |
Jan 11, 2017 14:54:26.787544966 CET | 80 | 49310 | 54.243.89.142 | 192.168.1.80 | 0 | |
Jan 11, 2017 14:54:31.709688902 CET | 49311 | 80 | 192.168.1.80 | 80.78.251.134 | 2 | |
Jan 11, 2017 14:54:31.938780069 CET | 80 | 49311 | 80.78.251.134 | 192.168.1.80 |