Windows
Analysis Report
Court Fine.doc
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2564 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Rule | Description | Author |
---|---|---|
SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak |
INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen |
Rule | Description | Author |
---|---|---|
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Exploits |
---|
Source: | File source: |
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud | |
Detection | Scanner | Label | Link |
---|---|---|---|
41% | Virustotal | | Browse |
44% | ReversingLabs | Document-Word.Trojan.Heuristic | |
Detection | Scanner | Label | Link |
---|---|---|---|
0% | Virustotal | | Browse |
Detection | Scanner | Label | Link |
---|---|---|---|
0% | Avira URL Cloud | safe | |
0% | Virustotal | | Browse |
0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
akmalreload.com | 104.21.73.122 | true | true | | unknown |
Malicious | Antivirus Detection | Reputation |
---|---|---|
true | | unknown |
Malicious | Antivirus Detection | Reputation |
---|---|---|
false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.73.122 | akmalreload.com | United States | 13335 | CLOUDFLARENETUS | true |
172.67.190.5 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 671073 |
Start date and time: | 2022-07-21 14:26:16 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Court Fine.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.expl.evad.winDOC@1/18@15/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- TCP Packets have been reduced to 100
- Report size getting too big, too many NtQueryAttributesFile calls found.
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28680685008290585 |
Encrypted: | false |
SSDEEP: | 96:KZ2LRN7+j8PoT4oVs6YoiHsca03UcEPbeWu0+yCq/beWu0+yCqpH:3pj8W1Y |
MD5: | 4E7A6E2EA5D20A17520E2B174699A2AF |
SHA1: | 92EDDDC249D635F883598B8829FBEB5D525B1542 |
SHA-256: | 12D1183176F18527A8DBF551F2AC0D813D9B59C71464A14166989617EEEEA7E1 |
SHA-512: | 84DB899119699FB494E67985E3606C625D8D11F3D7E70BAB66DD3353E999E2D17439DA89B99E1CB0FEB97AAE021ED184BA382097B24B6C7A5FA79C6BFF666D6E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{F2F9B79C-A4CE-402A-8C23-897F2BBCD3F2}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6723577593694318 |
Encrypted: | false |
SSDEEP: | 96:KGZCyp6MqS9NoGw7eGr8VnZoZQs2w1w265s2w1w2ccds2w1w2O4s2w1wO:bpqGq85Z9/8S5/8EI/8F/8 |
MD5: | 2D322C965F678443E0810A73B98142C2 |
SHA1: | D3CADC4E4289F085BF7C193F565EF2FD94D7793D |
SHA-256: | 169686FC24AB7EA61A28A4291B27E4B1F1021B8DBF9F89C6210F5521D62EDF4F |
SHA-512: | CDCC216BBBE917CB3F7DE7274BD84049107D32837F1F9A11B2E2FC765C76DD14EFB879225FDA011F6C93412605D96B89EFFE17AB2E2FE3EDFF2D7F5F7E67338D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9025444484757976 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzTInlb0rDSgWRP3sJ1WTlS5tfal276:yPblzElb0rPWObWTIy22 |
MD5: | 98F3F4788D3C837E74311C16E9F69646 |
SHA1: | 0B7F5E8E354353A4D9A36729A5DC156C8427EC2E |
SHA-256: | EFFC23B2C2BA256BD21C16AC1DCE84A38CC251B828BC4F3E03A8BCDA97859AD4 |
SHA-512: | 2B25ABDC2A01418DC2678742D5C7046FCC05BC1AA3FAFC2236DC8EE05116A03D6BF6D0F0281D3CB1EEEFA76F373458368DC6896F7135B558E76D023301DC8160 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28734608648642523 |
Encrypted: | false |
SSDEEP: | 48:I3iRBqCR0Vf2d4TN1AgBCKgMlorUQJxZYgDAtnf3YtugDAtnf3Yt0H:KiLKKVCH |
MD5: | 653978AE7654C508539081FA8C191C65 |
SHA1: | DFEF43A940A091A0D22507E2E48098ECCDE5E2CB |
SHA-256: | 5FAC531854AAF6B30ECEAFD3AC2EFBED715C9DCF61DAC0D1784937EAB50BD753 |
SHA-512: | 3500E53714F2506D8D37C40DE4B54622CF1AE3149D58E316C82926205BFC9C9BC3935D48DC51DE2493BC68C48E9D2C986B113F0C2BFE616CD89A0A9AC7573719 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{2EF4E38E-0991-4992-A481-93278A415998}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22040206507032212 |
Encrypted: | false |
SSDEEP: | 48:I3N2UrBM49XHt9Z84L1jeMKvuvAfXla7XQs4ZUZC:KN2CMEG4BiMKvu4fX07XQs4ZUZC |
MD5: | B854761AA5AA50445BDEC0CE4823FF81 |
SHA1: | 1D3DD7A6B640B67BC8DC670FB454774D49B9783F |
SHA-256: | BDE16CA49E63781E842EB52CE49EDE98605570CED28A88368088E5FCB9B27B7F |
SHA-512: | DB4B0D4A7BD577BDB14268F5E388BA26DF8809E6AC9613278185BB2C900DD1F75736ACB3DB300EBD3E85A20F09D1817AB539474093B36775723BFC7DE12DC1C9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.891255356565245 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzwzdOkRfXWkLlnbUZdlwKQfmf276:yPblz4NhoZcW22 |
MD5: | 953577F7C4042A246CB32B7057ABFDD4 |
SHA1: | DDD4DE7B9BB66A60FE7DA2B8DF8DA9F207DC21F0 |
SHA-256: | 4A035E642431CCB2DD0A39F4FCEC739A5EA4ADD19C205D93976B96AB7769069A |
SHA-512: | FF20EFDC228F237275C7696982E7E6A13EBB2E010BD9F091CD5EFA2AE8BC1F0AF81E0ADC27DDC55F709CBDAE83F4A2D0B83DF093258D85B1E1A0C60AFA71FEF7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 7275 |
Entropy (8bit): | 5.573158632495138 |
Encrypted: | false |
SSDEEP: | 48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD |
MD5: | CDD33FFA502CBFFEC6E64C4574846A89 |
SHA1: | 4E57B2D731513551B26F684B3D2871EB0F8CC14D |
SHA-256: | 5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75 |
SHA-512: | 1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB |
Malicious: | true |
Yara Hits: | |
Reputation: | low |
IE Cache URL: | https://akmalreload.com/struk/wellcome.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7275 |
Entropy (8bit): | 5.573158632495138 |
Encrypted: | false |
SSDEEP: | 48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD |
MD5: | CDD33FFA502CBFFEC6E64C4574846A89 |
SHA1: | 4E57B2D731513551B26F684B3D2871EB0F8CC14D |
SHA-256: | 5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75 |
SHA-512: | 1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB |
Malicious: | true |
Yara Hits: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7275 |
Entropy (8bit): | 5.573158632495138 |
Encrypted: | false |
SSDEEP: | 48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD |
MD5: | CDD33FFA502CBFFEC6E64C4574846A89 |
SHA1: | 4E57B2D731513551B26F684B3D2871EB0F8CC14D |
SHA-256: | 5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75 |
SHA-512: | 1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB |
Malicious: | true |
Yara Hits: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 2.064572703959004 |
Encrypted: | false |
SSDEEP: | 48:rxJw7AMvn2wEy2w0i1AQ+Q/tMvn2w2y2w0iB:9Jw70wENwV1AQ+Q/Zw2NwV |
MD5: | 16A79AFC2AA06F10B7C3BA9AF3E7C036 |
SHA1: | 5723D8FFDF337292E318AB62B28CD6ADAE62C182 |
SHA-256: | 252730B8F5D9C0F018E8769237572D8F626517624B6335FC7D81FFF40D66734D |
SHA-512: | 3F81D5B48F9B071827678A5A2AC54281F12D13DC5F827A2D7132EB3ECC5B72D10415C32FA8691927A8002A6DD0566B715A36D2E8A28D18405FFF7373CFFAD352 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2A788D5B-3466-495B-88B0-2FA2AEAC79CB}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6E224AA4-9332-4211-9CA4-7A9B901A033B}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.8065410214023134 |
Encrypted: | false |
SSDEEP: | 6:olgI5lNcY2Iel5E7l8iIjJ0dYB4PxZUtLamN:4v2iBUJEZw |
MD5: | 712D5A8CE10E91EFED4B1A1EB41849F5 |
SHA1: | 7E2D68210C45F13D42BE4734453389AB8D0B70D4 |
SHA-256: | 8C7D470BB5E3723F9CBAD381111A09AABBE71BE27906316A2E671409B90B3F8D |
SHA-512: | FB36BEA5A5BF60846AF25CBE2F3EDF348EC2A64013A3230811566A76E8465616426109B9D6BF5AEEE9DE0F783C660551D03CE90752B97D481D4D91266F4A2E6A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025496986098376227 |
Encrypted: | false |
SSDEEP: | 6:I3DPcLcr3vxggLR3fvstw66/RXv//4tfnRujlw//+GtluJ/eRuj:I3DPjcUvYg3J/ |
MD5: | F2F5132E6962771250B2F3DA61355126 |
SHA1: | 9A2BF12A3516E4CE453843DDD9B8B94376BCE14E |
SHA-256: | 664269EEE42CBA111E87391D8ACFE3607E9D2ACF0E1DE3437A6F1D0E9B5A8C7D |
SHA-512: | 3B66D9C888DF5EA79A9B841675876290DAC6D920B922794086B1342EDF5F437535E722DF74DD61356D3E4C4FA76FCF90FB6FC0A67DD01E9884492602302F9E56 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025579658191413727 |
Encrypted: | false |
SSDEEP: | 6:I3DPcU6p41hmHvxggLRpYtklNxXwltRXv//4tfnRujlw//+GtluJ/eRuj:I3DPlmPFtXQTvYg3J/ |
MD5: | 2B131A2E85BCD794BAC91667A8DD3FE1 |
SHA1: | 521D22ED142DB50773FECB705C3495294C8B62A4 |
SHA-256: | 0A0269F9140F65CAC49FE0B559B653AEABD4BB93DC6BE75D951592772E055E56 |
SHA-512: | 2237814DD0F5894D86BEC8C72ABF11A4756FBB8A99A0A8509CF70DD88FD32E4F19F5C724EB6E144FF31880B63C4E22C6AC13B27FB54782F9810ACCAB59953E16 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1014 |
Entropy (8bit): | 4.550763041853616 |
Encrypted: | false |
SSDEEP: | 12:8jU16FgXg/XAlCPCHaXMBzB/nPyX+WgfcfCikliicvbSMhCDtZ3YilMMEpxRljKe:8QG/XT89dq+ulspeLCDv3qgG77 |
MD5: | 5CDD5E2518A0562A8A2A5FD663C9C4A7 |
SHA1: | D66DC9944DA20CEB4328AE58B36799DDE2B179A8 |
SHA-256: | 51587A61287BF12C2228D14C8C45066332C21BF951C050AD33DD20B916C781A3 |
SHA-512: | 8FD589350D19C8A1EAD74963D7C5F7C0FD09A87CB9CC8129CD43A7538C13D37ED5A0E75FCBAE0C537E21C910FFA2A5F96903895BD4D148B430DDB95523252990 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.700901747101609 |
Encrypted: | false |
SSDEEP: | 3:bDuMJl+uuBCmX19RuBCv:bC0wlws |
MD5: | 120B034EB6B6B92AE484D8C680191DDE |
SHA1: | 4A290FB06BDA060533757A072DF583C48D32BD5F |
SHA-256: | 883F086DC75F1B2CE89171B98AEEAAF2B50DD6E6913F6B206166954E1B017841 |
SHA-512: | 4AF0F233F568972D34B6D95F87E0DE6199DF3AA1900572E30ABD939C4059922C6133FB49A44CA207C8F48449E02EA50E16AFCA3E8E4C77FD2081C4FF32A20B09 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020303 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl |
MD5: | 1674A1C7C99CD9FAADA789F5E2AEB335 |
SHA1: | 26D9E81D5ED584A899A94D5EA8945A5AE3403F85 |
SHA-256: | BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6 |
SHA-512: | B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020303 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl |
MD5: | 1674A1C7C99CD9FAADA789F5E2AEB335 |
SHA1: | 26D9E81D5ED584A899A94D5EA8945A5AE3403F85 |
SHA-256: | BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6 |
SHA-512: | B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.776614426711646 |
TrID: | |
File name: | Court Fine.doc |
File size: | 10734 |
MD5: | 730768c4f029608adf0032e95e8e8a1d |
SHA1: | c071befaa2d7548d53dfb0f1f611c6fd1b174f46 |
SHA256: | 94fabeeeffae82a107913815c2b62e4311aeef432197e0d2d6af40a7a65cd5f1 |
SHA512: | 6540610ac9db98f6a67b81029b4e0b3f7757e9b8399ab234f50225e8ff952f81f7c213e40a819a760d795d91e2e5b78bb83fb25a9a3ce978201522be1a9f1556 |
SSDEEP: | 192:CEhMA1GheFb8c9264wpHV7Z/c+8poF1d3jvvtlFOrGxjPkfzUUy2G:Cq/1GAFbx92hwhcfa7pr1lFOyxjPkfz+ |
TLSH: | 29228D36802A5D30DAAAF774F0A45A56EC5C1482E7773DF9B016BEB389C22CE5274E40 |
File Content Preview: | PK........$k.T................_rels/PK........$k.T................docProps/PK........$k.T................word/PK........$k.T...lT... .......[Content_Types].xml...j.0.E.....6.J.(.....e.h...4NDeIh&...8NC)i.M.1.3..3...x].l..m....}....X?+...9.....F.....@1.]_. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Jul 21, 2022 14:27:31.136220932 CEST | 443 | 49174 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:31.136337996 CEST | 49174 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:31.137269020 CEST | 49174 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:31.137295961 CEST | 443 | 49174 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.086927891 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.086987972 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.087083101 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.087445974 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.087483883 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.192456007 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.192651033 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.201138973 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.201173067 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.201617002 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.203011990 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:32.244527102 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:32.830347061 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:33.036537886 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:33.036787987 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:33.037116051 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Jul 21, 2022 14:27:33.037445068 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:33.037491083 CEST | 443 | 49175 | 104.21.73.122 | 192.168.2.22 |
Jul 21, 2022 14:27:33.037554026 CEST | 49175 | 443 | 192.168.2.22 | 104.21.73.122 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 21, 2022 14:27:15.512864113 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:15.549956083 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:23.511842966 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:23.538865089 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:23.556592941 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:23.583969116 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:29.300681114 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:29.323832035 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:29.329186916 CEST | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:29.370870113 CEST | 53 | 55275 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:32.023483992 CEST | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:32.046896935 CEST | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:32.049637079 CEST | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:32.086246014 CEST | 53 | 54408 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:35.056154966 CEST | 50108 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:35.079658031 CEST | 53 | 50108 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:35.085864067 CEST | 54723 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:35.128310919 CEST | 53 | 54723 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:39.121766090 CEST | 58062 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:39.144685984 CEST | 53 | 58062 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:39.149637938 CEST | 56703 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:39.172910929 CEST | 53 | 56703 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:40.740448952 CEST | 59241 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:40.781209946 CEST | 53 | 59241 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:40.785455942 CEST | 55244 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:40.808691025 CEST | 53 | 55244 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:42.705621004 CEST | 53958 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:42.729373932 CEST | 53 | 53958 | 8.8.8.8 | 192.168.2.22 |
Jul 21, 2022 14:27:42.732542038 CEST | 56020 | 53 | 192.168.2.22 | 8.8.8.8 |
Jul 21, 2022 14:27:42.755990982 CEST | 53 | 56020 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jul 21, 2022 14:27:15.512864113 CEST | 192.168.2.22 | 8.8.8.8 | 0x88f3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.511842966 CEST | 192.168.2.22 | 8.8.8.8 | 0xfcf | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.556592941 CEST | 192.168.2.22 | 8.8.8.8 | 0x33a2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.300681114 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.329186916 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.023483992 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.049637079 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.056154966 CEST | 192.168.2.22 | 8.8.8.8 | 0xe6e0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.085864067 CEST | 192.168.2.22 | 8.8.8.8 | 0x6703 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.121766090 CEST | 192.168.2.22 | 8.8.8.8 | 0xe23a | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.149637938 CEST | 192.168.2.22 | 8.8.8.8 | 0xa865 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.740448952 CEST | 192.168.2.22 | 8.8.8.8 | 0x7820 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.785455942 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.705621004 CEST | 192.168.2.22 | 8.8.8.8 | 0x4c7a | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.732542038 CEST | 192.168.2.22 | 8.8.8.8 | 0x288a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 21, 2022 14:27:15.549956083 CEST | 8.8.8.8 | 192.168.2.22 | 0x88f3 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:15.549956083 CEST | 8.8.8.8 | 192.168.2.22 | 0x88f3 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.538865089 CEST | 8.8.8.8 | 192.168.2.22 | 0xfcf | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.538865089 CEST | 8.8.8.8 | 192.168.2.22 | 0xfcf | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.583969116 CEST | 8.8.8.8 | 192.168.2.22 | 0x33a2 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:23.583969116 CEST | 8.8.8.8 | 192.168.2.22 | 0x33a2 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.323832035 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.323832035 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.370870113 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:29.370870113 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.046896935 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.046896935 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.086246014 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:32.086246014 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.079658031 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.079658031 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.128310919 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:35.128310919 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.144685984 CEST | 8.8.8.8 | 192.168.2.22 | 0xe23a | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.144685984 CEST | 8.8.8.8 | 192.168.2.22 | 0xe23a | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.172910929 CEST | 8.8.8.8 | 192.168.2.22 | 0xa865 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:39.172910929 CEST | 8.8.8.8 | 192.168.2.22 | 0xa865 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.781209946 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.781209946 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.808691025 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:40.808691025 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.729373932 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.729373932 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.755990982 CEST | 8.8.8.8 | 192.168.2.22 | 0x288a | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:27:42.755990982 CEST | 8.8.8.8 | 192.168.2.22 | 0x288a | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:15 UTC | 0 | OUT | |
2022-07-21 12:27:16 UTC | 0 | IN | |
2022-07-21 12:27:16 UTC | 1 | IN | |
2022-07-21 12:27:16 UTC | 1 | IN | |
2022-07-21 12:27:16 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49172 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:23 UTC | 1 | OUT | |
2022-07-21 12:27:24 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49181 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:38 UTC | 21 | OUT | |
2022-07-21 12:27:39 UTC | 22 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49182 | 172.67.190.5 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:39 UTC | 23 | OUT | |
2022-07-21 12:27:39 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49183 | 172.67.190.5 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:40 UTC | 24 | OUT | |
2022-07-21 12:27:41 UTC | 24 | IN | |
2022-07-21 12:27:41 UTC | 25 | IN | |
2022-07-21 12:27:41 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49184 | 172.67.190.5 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:41 UTC | 25 | OUT | |
2022-07-21 12:27:41 UTC | 26 | IN | |
2022-07-21 12:27:41 UTC | 27 | IN | |
2022-07-21 12:27:41 UTC | 27 | IN | |
2022-07-21 12:27:41 UTC | 27 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.22 | 49185 | 172.67.190.5 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:42 UTC | 27 | OUT | |
2022-07-21 12:27:43 UTC | 27 | IN | |
2022-07-21 12:27:43 UTC | 28 | IN | |
2022-07-21 12:27:43 UTC | 29 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.22 | 49186 | 172.67.190.5 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:44 UTC | 29 | OUT | |
2022-07-21 12:27:44 UTC | 29 | IN | |
2022-07-21 12:27:44 UTC | 30 | IN | |
2022-07-21 12:27:44 UTC | 30 | IN | |
2022-07-21 12:27:44 UTC | 30 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.22 | 49187 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:45 UTC | 30 | OUT | |
2022-07-21 12:27:45 UTC | 31 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.22 | 49188 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:48 UTC | 32 | OUT | |
2022-07-21 12:27:49 UTC | 32 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.22 | 49189 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:49 UTC | 33 | OUT | |
2022-07-21 12:27:49 UTC | 33 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49173 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:29 UTC | 2 | OUT | |
2022-07-21 12:27:30 UTC | 2 | IN | |
2022-07-21 12:27:30 UTC | 4 | IN | |
2022-07-21 12:27:30 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49174 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:30 UTC | 4 | OUT | |
2022-07-21 12:27:31 UTC | 4 | IN | |
2022-07-21 12:27:31 UTC | 5 | IN | |
2022-07-21 12:27:31 UTC | 5 | IN | |
2022-07-21 12:27:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49175 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:32 UTC | 5 | OUT | |
2022-07-21 12:27:32 UTC | 5 | IN | |
2022-07-21 12:27:32 UTC | 7 | IN | |
2022-07-21 12:27:32 UTC | 7 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49176 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:33 UTC | 7 | OUT | |
2022-07-21 12:27:33 UTC | 7 | IN | |
2022-07-21 12:27:33 UTC | 8 | IN | |
2022-07-21 12:27:33 UTC | 8 | IN | |
2022-07-21 12:27:33 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49177 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:35 UTC | 8 | OUT | |
2022-07-21 12:27:35 UTC | 9 | IN | |
2022-07-21 12:27:35 UTC | 10 | IN | |
2022-07-21 12:27:35 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49178 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:36 UTC | 10 | OUT | |
2022-07-21 12:27:36 UTC | 10 | IN | |
2022-07-21 12:27:36 UTC | 11 | IN | |
2022-07-21 12:27:36 UTC | 11 | IN | |
2022-07-21 12:27:36 UTC | 11 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49179 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:37 UTC | 11 | OUT | |
2022-07-21 12:27:37 UTC | 12 | IN | |
2022-07-21 12:27:37 UTC | 13 | IN | |
2022-07-21 12:27:37 UTC | 13 | IN | |
2022-07-21 12:27:37 UTC | 14 | IN | |
2022-07-21 12:27:37 UTC | 16 | IN | |
2022-07-21 12:27:37 UTC | 17 | IN | |
2022-07-21 12:27:37 UTC | 18 | IN | |
2022-07-21 12:27:37 UTC | 20 | IN | |
2022-07-21 12:27:37 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49180 | 104.21.73.122 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:27:38 UTC | 20 | OUT | |
2022-07-21 12:27:38 UTC | 20 | IN |
Target ID: | 0 |
Start time: | 14:26:19 |
Start date: | 21/07/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f1c0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |