Windows
Analysis Report
doc1712.docx
Overview
General Information
Detection
Follina CVE-2022-30190
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Snort IDS alert for network traffic
Contains an external reference to another file
Yara signature match
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Document misses a certain OLE stream usually present in this Microsoft Office document type
Classification
- System is w7x64
- WINWORD.EXE (PID: 1204 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard | |
| JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
⊘No Sigma rule has matched
Timestamp: | 06/07/22-17:33:41.296228 |
SID: | 2036726 |
Source Port: | 80 |
Destination Port: | 49176 |
Protocol: | TCP |
Classtype: | Attempted User Privilege Gain |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Exploits |
---|
Source: | File source: | ||
Source: | File opened: |
Source: | TCP traffic: |
Networking |
---|
Source: | Snort IDS: |
Source: | HTTP traffic detected: | ||
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | Matched rule: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: |
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| low | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.32.185.177 | unknown | United States | | 20473 | AS-CHOOPAUS | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 640804 |
Start date and time: | 2022-06-07 17:32:33 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | doc1712.docx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.expl.evad.winDOCX@1/18@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- TCP Packets have been reduced to 100
- Report size getting too big, too many NtQueryAttributesFile calls found.
⊘No simulations
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2866751271712012 |
Encrypted: | false |
SSDEEP: | 48:I39dFlkRBwRiSdXfthv4qx3qF5QJNGs0lNo21rSTrwjGmH:K7fkLwMShf/3oF5MGsGo25srwjGmH |
MD5: | 205378DA7DCF371A43C479B7B0F9A2AD |
SHA1: | E00F4D3429165C950A6FCA02AC85B4EE4BE79F86 |
SHA-256: | A04716B070A827159831E3AD865F6A62B2466F941722B54ED2862A1FD7883A3C |
SHA-512: | 695EEEA6F4FA6449AD2BD822499C0698729641C9489CA2F3901DCE51F8A2516F3C1198BF958740D8B3A6D6AB0A61ABBC6E5D0E857DFD06C723DFEECEF2ED1BCC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{21C75FA3-D59D-4916-8777-2F8DF89A7989}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6722944138308831 |
Encrypted: | false |
SSDEEP: | 96:KTCyPQuvtjXLi5CpoGCd1GKGXVMZCBIEMLW/LtWLt:APxv5i5C+Ga1NbsLo8tit |
MD5: | 0619296DF6C45C7BE46A7252C333B2C2 |
SHA1: | A43D8FF16A461B32B6A7F10B8B5A63F609C35427 |
SHA-256: | 016831A58683C476F54FAEA19E0308406037953FB098236DD861105721775B29 |
SHA-512: | D30A9B621C9BADEC6B59F7A9A731DC9C946FE500D8AD0CA2DA13E8EB509E790C8FFE4121F17A5700CB3C3DE871F4244CC6E174B0063D73E42F827A16465D9853 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.8757507299451563 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzsmlwr7Kl4WRGKSWWP3ZnNc+YUnUYDZ276:yPblzHMGSfpO+YUBt22 |
MD5: | C14E09D3EC890E7ED1042FB5E67173E4 |
SHA1: | 192CBAE659A8861394BE1583C410C1AF900C503C |
SHA-256: | FA11FB46BC064933EBF6F226409F02F62AB09EAF92099BF4C6C08AA33921F326 |
SHA-512: | C67243C05CAE05FA67259DA5E41457B49CB363AD5BE650D4186B9405FE05FDE83EDF35819EA3A6A8C2A0700459D6031C839475CCF0514A8794AE5D642AB1F9B2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2880583450358858 |
Encrypted: | false |
SSDEEP: | 48:I3IoHRRBTZBA6TdqEz6uVpWiK7IxgeZGett8fhrUMzfKqDcDfH:K1LTZTPOs3ZGett8FUMGhH |
MD5: | 9E46BE96F855416E452AF830BDB02202 |
SHA1: | 14E4A4E600D7C8910070ECA1F06DD5C4356CA7C7 |
SHA-256: | 3E0056641E7814076CC40F431D5BAF1A69ACCCD583F4898A4E08173E08F9CD7C |
SHA-512: | 3DF1F27301A68977BED559D5C45202ACF8C49ED24D3724A97E3704BBA37011497DCF1EEAE6210CC4E6C9E3C67F5DF3918C59A8C9B54BE77F8B7BC79DDED0DCC2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{6894BD70-C9F6-4E64-BA1D-696172CE4314}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22107362032323508 |
Encrypted: | false |
SSDEEP: | 48:I3+UrBCvvr0SiJoteSOfgV5Vuz3iCX0kRke:K+CMrkadVdaPme |
MD5: | AD8C750FDFC17D93C33BA3087D3FD555 |
SHA1: | 50AE879216EC832CD5250C3D46FD62BB28ABAC32 |
SHA-256: | D70EF9A7ACC8DDF6827A899E8319116101A55544978060999A23F20BDD4A9334 |
SHA-512: | 893467504A2A40CB35E09E91B0F335E0EEC6C1F0B88B490663753AB3A06312224EABECA3500A8C11CB0890C3C9CC2C5894772163196C74A28AFC19E2BAD67C08 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.954300014527465 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzIl7hWPYmQSeRSHkKzwINbRlVU276:yPblzIloPLBeUHkfIs22 |
MD5: | DD3EDE691A56C2D4DFF30FF5C39C0FA5 |
SHA1: | 54F859A53C2215FBF11C0951DB71E2C93FE7EDFC |
SHA-256: | 38395295006CA6283B2629459D07F44B55D657303E9CEE979933FC9C72EF204A |
SHA-512: | BBB5CE1A701CF1E097B9F94DDD7F8418EECD042429F6099707030ABD36D820F5EF32B0EB03F3DA4E2646228D35472A87A961D8B4E5FBA612BEBB6906EDFB0B87 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\123[1].RES
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 5889 |
Entropy (8bit): | 4.705994860110501 |
Encrypted: | false |
SSDEEP: | 96:t/iGBF2nPW5mDtWID8qImz1I8vHWYMLJS2lpyffnbTc7Oi/EAEwC8EA5KiSe+0gR:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKio |
MD5: | EA48F95AB4F3CA3B0C687A726CB00C49 |
SHA1: | C473DB9C4D460D3F7801B506F289C04A04D3A50F |
SHA-256: | CDEC208EC12FA58C122DB1887ABB7F58C7998A9BA6EEEBFFC501E11DE3975215 |
SHA-512: | 394E847B28549EF616F9CD1CA613B20BB318194A3A6B749A8156319A9CBFAC35CC0C44251A3CCBC14ECB7CF79F86816C7BB971DA5719D1FB8E1E51581F964470 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
IE Cache URL: | http://45.32.185.177/123.RES |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1677574B.RES
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5889 |
Entropy (8bit): | 4.705994860110501 |
Encrypted: | false |
SSDEEP: | 96:t/iGBF2nPW5mDtWID8qImz1I8vHWYMLJS2lpyffnbTc7Oi/EAEwC8EA5KiSe+0gR:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKio |
MD5: | EA48F95AB4F3CA3B0C687A726CB00C49 |
SHA1: | C473DB9C4D460D3F7801B506F289C04A04D3A50F |
SHA-256: | CDEC208EC12FA58C122DB1887ABB7F58C7998A9BA6EEEBFFC501E11DE3975215 |
SHA-512: | 394E847B28549EF616F9CD1CA613B20BB318194A3A6B749A8156319A9CBFAC35CC0C44251A3CCBC14ECB7CF79F86816C7BB971DA5719D1FB8E1E51581F964470 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8DA8FA91.RES
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5889 |
Entropy (8bit): | 4.705994860110501 |
Encrypted: | false |
SSDEEP: | 96:t/iGBF2nPW5mDtWID8qImz1I8vHWYMLJS2lpyffnbTc7Oi/EAEwC8EA5KiSe+0gR:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKio |
MD5: | EA48F95AB4F3CA3B0C687A726CB00C49 |
SHA1: | C473DB9C4D460D3F7801B506F289C04A04D3A50F |
SHA-256: | CDEC208EC12FA58C122DB1887ABB7F58C7998A9BA6EEEBFFC501E11DE3975215 |
SHA-512: | 394E847B28549EF616F9CD1CA613B20BB318194A3A6B749A8156319A9CBFAC35CC0C44251A3CCBC14ECB7CF79F86816C7BB971DA5719D1FB8E1E51581F964470 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{218309EB-4D56-417B-9AE4-46135952AAFD}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 2.193335989623885 |
Encrypted: | false |
SSDEEP: | 24:rVDNK/njbEOAAneLn7nEWiQA56Be9134oTOAAneLnZnEWiQcm:rVcLYOATiQA56BKRTOA1iQx |
MD5: | 8B673A3336AF537A8BE96B8EA3048871 |
SHA1: | CFBCE6835C5B31AE7170F1039BFB2C76002F1DC3 |
SHA-256: | 0F233D976207B3465D4C8BB3B7B8F977B8DA9BF43417A8B42E180A90FB99C2B4 |
SHA-512: | 3CAE8109B4443479DCE7CEADCCC6992C39C46F7A77218570BD27C188FEF0529F7FED61F623DC4F8D555BFC909EF2025356A53D114BF5A77BE61C7B4EC3BCC817 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0FB641AE-A3C8-41BE-B49C-07E97C275C10}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A4DAF9D9-9403-4C16-9440-8C0CD34B4722}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2130 |
Entropy (8bit): | 1.1455277829933739 |
Encrypted: | false |
SSDEEP: | 6:/9IqgHu42sarhYkIuvgB4PxZUtr1iI5lN24NLRUlQ/lfEz/RUlQ/lflKDmPm1Pc7:mbb2sOhYk5vnZABylAlY/ylAldIm5 |
MD5: | 06F97D56780E4E8E5E513A038B6D23C5 |
SHA1: | AC6FD87B383193CAA33E86670AD51B6689A57661 |
SHA-256: | CF1AAF863CBFFBBB570286E2A20872BED7F36D039E3CE3A9FDCC0ECDBF5ED3B0 |
SHA-512: | E74962F10214651F89915ED590F2E241BA1B94DA120CCE87866BCF6F9AEA2B7AC532CEE81594F40DA501B66D553F017BC18BD678C2B8F5F702DB9BEC7AA83BD5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025516343463298688 |
Encrypted: | false |
SSDEEP: | 6:I3DPcRoFvxggLRV6AK2RRgJgRXv//4tfnRujlw//+GtluJ/eRuj:I3DPsopAMwyvYg3J/ |
MD5: | 99C66582A073466D851197E61D9E4977 |
SHA1: | 72AD2E75939E0F352912BA79B5CA0F90A8A3F642 |
SHA-256: | 4517A42130351BC4643AEF4246A09D32077F23EBFACEB9A4512E7C44E82C0289 |
SHA-512: | F9122690748F7C8C473B119FC203DB178FAD01CBB23879C3A9EF1902057E6765049E07E838966E4B50BBBB4413EABF935A5AF532C1D840553C68D29C533A8147 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025638993377216004 |
Encrypted: | false |
SSDEEP: | 6:I3DPcC1f5Z97FvxggLR/gtBMMRXv//4tfnRujlw//+GtluJ/eRuj:I3DPv1f5Z9dTgtCAvYg3J/ |
MD5: | 2447DAB5C0393923C0417D2AF4471316 |
SHA1: | 2EAF7E9074AB1AF9F59D7891C3411C1936411953 |
SHA-256: | C38E53967022743EB7D114B46270D960E0E0B2A9ADF0C8EA1A92FC16BA9078B5 |
SHA-512: | 4E2605ECCD95759397D9ECFF989CB76B6836A63621E8C8EE8D6C6080978F9A4248A9F87C57FE9825CE14FA65AC90F82ECC757C3710C5728E5A04B443E391F6E9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1004 |
Entropy (8bit): | 4.523969906389643 |
Encrypted: | false |
SSDEEP: | 12:8gRgXg/XAlCPCHaXBKBnB/xQpX+Ws2ai84icvbIS2nYla7SNDtZ3YilMMEpxRljM:8o/XTRKJINt8reES/lomDv3q3Y7h |
MD5: | D2B1BED3040717B5D022C32C68292CE1 |
SHA1: | 06D6D2EECD5F069300DC1E8D0D2919BFA0503C97 |
SHA-256: | E7B2E0BC2D533C2854B5C2E5ADF17D643A2DFA419D0F1B8E8D39041ED8578F0C |
SHA-512: | 960A7C525816FFA978DF78558CA25B93C2353F4C7CDE7239940297879C3A798047FD768E1C586568EA0C1F7514D21883779D5F494A8F0EEAE43A10DCD0E4C75E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.597075278863427 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlZVUNzCmxWKVUNzCv:bCSVUDUy |
MD5: | 2E496A3F1C20211051285A980DADA39A |
SHA1: | B980277016A7BCCC0E108CD9A00E82AF61433394 |
SHA-256: | B466FF5520F73BD086D77160EB4D437F0AA73747604E1318E3BF3C220D218763 |
SHA-512: | 3104FE77ABF38AC191DC43C0BC437017B1A07804238503A6F8D2A3762F48E96E687BF0EB98FEF36E9FFC3451820E6D54BB00AE01B789779CDD10AAE61302E547 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020303 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl |
MD5: | 1674A1C7C99CD9FAADA789F5E2AEB335 |
SHA1: | 26D9E81D5ED584A899A94D5EA8945A5AE3403F85 |
SHA-256: | BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6 |
SHA-512: | B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020303 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl |
MD5: | 1674A1C7C99CD9FAADA789F5E2AEB335 |
SHA1: | 26D9E81D5ED584A899A94D5EA8945A5AE3403F85 |
SHA-256: | BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6 |
SHA-512: | B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.869586027326007 |
TrID: |
|
File name: | doc1712.docx |
File size: | 10142 |
MD5: | 7a91b01a037ccbfe6589161643d0a65a |
SHA1: | 53658a5b5bc577d601e23ae77a34cb44dcba1f27 |
SHA256: | f17f5c8eac3a18c961705a61385e1d2894cc8f22fb33aa3e076a40b826384c60 |
SHA512: | f1accdbe0ea88f717f7473818df6ee72fc77077c1a145bb872863bb0bb681cb59b653dd6927e68fd2b9e8942b7498c5e7e8ab26c8d0aece3c9fcc21e580ad100 |
SSDEEP: | 192:s5VReDWRPj8Iugw1Blb8VPkf+CFk4v1Y2VveFLC9FJ7S/bQ7dlJ78:snPj8I10lD9+2Vvxm/bqlJ78 |
TLSH: | 29229E36D65508B1CAD7A279E0AC1A19E30C41BBA37BE9CB61C663E412C86DF0F5530C |
File Content Preview: | PK.........k.T...L....'.......[Content_Types].xml...n.0.E....m.NR....,.X...~...`.l.....C ......l....sg..'.m..kp^...Q4d...H..1.X...,.(.......x6..L.;.>.b.c.!...}.A!|d,h.....i.....K,....;....1.R.M'O..U....^WF.....Ub....6W.@.....(aM..r..3e....?J(#....7..S...p |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
06/07/22-17:33:41.296228 | TCP | 2036726 | ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) | 80 | 49176 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:45.563630104 CEST | 80 | 49176 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:45.563802004 CEST | 49176 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:45.720526934 CEST | 49175 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:45.728183031 CEST | 80 | 49175 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:45.728290081 CEST | 49175 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:45.771857023 CEST | 49176 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:45.794635057 CEST | 80 | 49176 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:45.794852018 CEST | 80 | 49176 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:45.794971943 CEST | 49176 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:48.150402069 CEST | 80 | 49177 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:48.150511026 CEST | 49177 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:48.151854038 CEST | 49177 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:48.175110102 CEST | 80 | 49177 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:50.505388021 CEST | 80 | 49175 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:50.505740881 CEST | 49175 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:50.505805016 CEST | 49175 | 80 | 192.168.2.22 | 45.32.185.177 |
Jun 7, 2022 17:33:50.529305935 CEST | 80 | 49175 | 45.32.185.177 | 192.168.2.22 |
Jun 7, 2022 17:33:50.797528028 CEST | 80 | 49176 | 45.32.185.177 | 192.168.2.22 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49173 | 45.32.185.177 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jun 7, 2022 17:33:28.042892933 CEST | 1 | OUT | |
Jun 7, 2022 17:33:28.066274881 CEST | 2 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49174 | 45.32.185.177 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jun 7, 2022 17:33:34.007536888 CEST | 3 | OUT | |
Jun 7, 2022 17:33:34.030771017 CEST | 3 | IN | |
Jun 7, 2022 17:33:34.256355047 CEST | 3 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49175 | 45.32.185.177 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jun 7, 2022 17:33:38.184900045 CEST | 4 | OUT | |
Jun 7, 2022 17:33:38.208200932 CEST | 4 | IN | |
Jun 7, 2022 17:33:38.436250925 CEST | 4 | IN | |
Jun 7, 2022 17:33:39.353693008 CEST | 5 | IN | |
Jun 7, 2022 17:33:39.580319881 CEST | 6 | IN | |
Jun 7, 2022 17:33:41.212960005 CEST | 7 | IN | |
Jun 7, 2022 17:33:41.440367937 CEST | 15 | IN | |
Jun 7, 2022 17:33:44.502847910 CEST | 18 | IN | |
Jun 7, 2022 17:33:44.728271961 CEST | 18 | IN | |
Jun 7, 2022 17:33:45.501329899 CEST | 19 | IN | |
Jun 7, 2022 17:33:45.728183031 CEST | 21 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49176 | 45.32.185.177 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jun 7, 2022 17:33:41.273190975 CEST | 8 | OUT | |
Jun 7, 2022 17:33:41.296227932 CEST | 9 | IN | |