Windows
Analysis Report
fHER4lglqY
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1972 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak |
| |
INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
| |
EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard |
| |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Exploits |
---|
Source: | File source: | ||
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: | ||
Source: | File opened: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | JA3 fingerprint: | ||
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Key opened: | Jump to behavior |
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: | Jump to behavior | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
23% | Metadefender | Browse | ||
49% | ReversingLabs | Document-Word.Trojan.Heuristic | ||
100% | Avira | W97M/Dldr.Agent.G1 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | JS/CVE-2022-30190.G | ||
100% | Avira | JS/CVE-2022-30190.G | ||
100% | Avira | JS/CVE-2022-30190.G |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
10% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
2hell.nl | 178.21.112.152 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
178.21.112.152 | 2hell.nl | Netherlands | | 29028 | COMPUKOS-ASNL | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 685991 |
Start date and time: | 2022-08-18 03:25:22 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | fHER4lglqY (renamed file extension from none to docx) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winDOCX@1/18@15/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtQueryAttributesFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
COMPUKOS-ASNL | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Browse |
| |
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Browse |
| |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2870048758293995 |
Encrypted: | false |
SSDEEP: | 48:I3a1RB74WvIfbz9s2df8IQpINoQ/QiQNQGtULNS/rZQ+QNH:KgL7WtbrkWv9AGLNSTZncH |
MD5: | EC9A7D70A816366A8AD0612EE7DAD739 |
SHA1: | 211C3DF619B389F77457B057074FD7F4DA9D002D |
SHA-256: | 072E182B4D7CB3314F0B2FF9D40766A095F5838DDD2B6E3F2777C6F7A3D79905 |
SHA-512: | F667EB136F6444F31FAAB94E6D10D14D097870E7CCAB93E5127961D2DC2B6FBDE206183522F50436B54C12E44F1A121CD6C16C13B2C306D713B27408AB0D2920 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{469EB5A9-1D77-4731-94E0-EE25EED167A3}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6741548819501937 |
Encrypted: | false |
SSDEEP: | 96:KeaeCyuA6ePGhOfBmS2fmjpMkuPyr6P/0/9oGZIT0tVb4/////T/VyuxPXa/lPhw:nx6eP0FUlYG2otdu/DVyuxPCpbr |
MD5: | BD9BCE9BD766B0C50F6BDD1409BBDEB0 |
SHA1: | E387BA8EB8AAA2DDD14033D255D17BE68EEE3C55 |
SHA-256: | 28EDF61A62B1C6F4C5A5D71AE369EE5C4AA8292189D660338992B7DAED014EDF |
SHA-512: | AA07253F9DDD6D02216E96B979659EDD5E299658AB8F71A6897FFDF0AC40DAE29E92461F0E46E3EE14A2F76A071C51222996D43DFE54F9DD8BB81D6F177A1C49 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.934207961409454 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz1Glg9BcT7IIl0Yxl8dI4pKpWEjl276:yPblzElggTEIRxl8dIBX22 |
MD5: | DBA4B08FF943511A17440A6D3A639091 |
SHA1: | 79EC57290092B5CFD266CC0F82429940DE111BF6 |
SHA-256: | 5FED6073738D6334C21CF755BA59C1D8263838DB98A05843CC498F919F835609 |
SHA-512: | 7914072E66FB17FF44957467E51D33BF3F7C5948FC93A4C1F44F7F7DD34D09478B302C728FE55574F6F72B94206D47C9DF7DE871181EAA05017A201CE12FC92F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28744221424527927 |
Encrypted: | false |
SSDEEP: | 48:I3z/ERBzET5RqIhb9ByvXWpZqfTbrZJHvH:Kz/ELXm1pZqL3PH |
MD5: | A66312A6CB954A6150D5AFB584B5A8B3 |
SHA1: | 26E4AC2E42E72A854E0E202AD6C160ADF2415314 |
SHA-256: | 4F2AF0D38289B8EF8BEE2414A1BB01B973C064905E571BB7421E6BD852D6AEDC |
SHA-512: | DCEFB07E904F63E4B4F1EAEDFAA10A6AC879A7BCD1486A64D0082B1BECB1ADFA6F8B2316EA81B79EC2AAFE59EEA832EFF5F3B300FFFF5F1C751C992F564E895D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{D6F1608A-034A-4693-92DF-9F6F675BC0BA}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22169652718262306 |
Encrypted: | false |
SSDEEP: | 48:I36JKUUrBZfR2fNIiLMMtRS/9FvP14Jqrvp0vk+ip0vk+W:K0ZCGMMKXIzW |
MD5: | 543D6526423FBA0DC5BC4CD9B5990CEC |
SHA1: | 9FA79AD3E23A8D4AF6F0078FC77FCF83BE663452 |
SHA-256: | 53CFB4F00751832884F2FC168A97FAB523ED9833663169FC797C01281E922C04 |
SHA-512: | B7ACA1EDA28D5556A8381718AFB61C3C3507F9E8F4BD6CBA3C75C72AC7107DF6C3041E51B5B94651856D2208F4B7E9E8F5D748175C46703995EADC18566107CA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9376321677740433 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzfqJds4MkWSg2lUt7TYQckClL7276:yPblzfqTsLkWSg2lRQckCt22 |
MD5: | 782CE5A82AFB74AE293FED453122DB20 |
SHA1: | E1329D7D27002B4002827124B2457A3A01B2BEEF |
SHA-256: | 52BC8B7A17D59A4CC93AF4FE6A0474B893B963EE9C33979E22AAA7B1A00A3902 |
SHA-512: | 777E83913D9644AC814EAE384E86E0E14E1289199575229418699260A5C1D0F005C534E5EFAA8309290D0502D51196B06B5EACD71F055684492D24E762ABD379 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\poc[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | downloaded |
Size (bytes): | 6774 |
Entropy (8bit): | 0.7823015818904822 |
Encrypted: | false |
SSDEEP: | 6:qTFQzhqIAXMzSKWEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEM:qTWvzSsAxH8d2GZfgGw1sue4kVM1Gb |
MD5: | EA3FE2CB4B8E3C7AFA0C773A28742AA8 |
SHA1: | FC00C991825CFE83AC01AD60D9BCE9E5DE2D061D |
SHA-256: | 8D68FC5C45CDFD449252B1E3E2EC8A1E35E00C83532628102E5F699A1190D101 |
SHA-512: | 73E55B24AE1DE1794745B1C168ACDFDDF8F15BD7DB611867773CA94BB9A8688D46D3E781B1AAE274879E002043465B03A1736BA7FA5D563F9AA67C459F649710 |
Malicious: | true |
Reputation: | low |
IE Cache URL: | https://2hell.nl/follina/poc.html |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3BF80B4F.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 6774 |
Entropy (8bit): | 0.7823015818904822 |
Encrypted: | false |
SSDEEP: | 6:qTFQzhqIAXMzSKWEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEM:qTWvzSsAxH8d2GZfgGw1sue4kVM1Gb |
MD5: | EA3FE2CB4B8E3C7AFA0C773A28742AA8 |
SHA1: | FC00C991825CFE83AC01AD60D9BCE9E5DE2D061D |
SHA-256: | 8D68FC5C45CDFD449252B1E3E2EC8A1E35E00C83532628102E5F699A1190D101 |
SHA-512: | 73E55B24AE1DE1794745B1C168ACDFDDF8F15BD7DB611867773CA94BB9A8688D46D3E781B1AAE274879E002043465B03A1736BA7FA5D563F9AA67C459F649710 |
Malicious: | true |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4D314135.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 6774 |
Entropy (8bit): | 0.7823015818904822 |
Encrypted: | false |
SSDEEP: | 6:qTFQzhqIAXMzSKWEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEM:qTWvzSsAxH8d2GZfgGw1sue4kVM1Gb |
MD5: | EA3FE2CB4B8E3C7AFA0C773A28742AA8 |
SHA1: | FC00C991825CFE83AC01AD60D9BCE9E5DE2D061D |
SHA-256: | 8D68FC5C45CDFD449252B1E3E2EC8A1E35E00C83532628102E5F699A1190D101 |
SHA-512: | 73E55B24AE1DE1794745B1C168ACDFDDF8F15BD7DB611867773CA94BB9A8688D46D3E781B1AAE274879E002043465B03A1736BA7FA5D563F9AA67C459F649710 |
Malicious: | true |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{FB6581E1-1A5E-4649-84C2-3FA331ABA6D2}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 5120 |
Entropy (8bit): | 2.0826917413964643 |
Encrypted: | false |
SSDEEP: | 12:rl3bn+LFI/SBYd09aiZ/t21U/hCKoDyzRDHcIxC/0GcIFn7iVjrRDHuKo4CIz4zc:rL/dK/nLRDH+niFRDHFRvxXorniWlo |
MD5: | 754C7DA115CD19CB9E6C3948128B0E3B |
SHA1: | 1FF961744798D170810B0BC310F7C22B7355FEA2 |
SHA-256: | 3E426FA1EF8F541849E5710B49E5C25E19A9E568E19A4ECBD5A18EF9941B2919 |
SHA-512: | 8CE245544C0794D4522D10EFBE00814845E18AA51DA4E99A37980EB565E4ED447AF3899C36F9E7D606D8FE06775F4A9F6EB21587C2842FBF6DD2B29CE981DABB |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{908054AA-4410-45BE-A60F-B0BC543AE3BB}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.898955158116908 |
Encrypted: | false |
SSDEEP: | 6:FlgI5lNcYcbsPFjK/WmP9+7giP4n4PxZUtBs/6:Flvc8KS7gJGZO |
MD5: | 549518436A2C4B97E9422E1AEC32E432 |
SHA1: | EEDC2867A3EA3EDB16E3FB52CA3ADEF8908B6DF1 |
SHA-256: | A2DD71C1827995791EEBB3170D3730645F313B9099C17F234443DB289ABBA1C4 |
SHA-512: | DF367523A22321691356CD49FFCE10B772B5E8F0E05377FA4B57BFAA74F5CAB757679FAEEDFB5D0F382AC74E3D23B9FA16B192A311B39A503A6E14E14DAA0908 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9DD68104-9F74-4147-BF67-D8C1A9A331E2}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02555472380356475 |
Encrypted: | false |
SSDEEP: | 6:I3DPc0/VvxggLRzFIrnLGtRXv//4tfnRujlw//+GtluJ/eRuj:I3DPn/ZCrnIvYg3J/ |
MD5: | E7911CB21AB21ABF6D89358D6702668E |
SHA1: | 75B4F3034A40010A0064E588C100D56D0B794118 |
SHA-256: | E521F2141D1EB1690CE92108E94E8743E10608499707E72CF8E2D3FD18A6ED03 |
SHA-512: | FD49A4268F7C4887483DF721F8DFF33B6C513B01ADA44B33228F8FAE26660EE8D69278DA072A4C2D64505208049337C277AE4B421C6F14428AFA1DC48C5E1987 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02554110170684297 |
Encrypted: | false |
SSDEEP: | 6:I3DPcFi8TVvxggLRjulTw1XlYPf7/RXv//4tfnRujlw//+GtluJ/eRuj:I3DPWPdP4U1XqH7pvYg3J/ |
MD5: | D5BB7E24CE5A19D0A36F70C87DFE89E8 |
SHA1: | 008D3EA4CF3DB6239AEEE6E092BEF43992EC2FC3 |
SHA-256: | AF13BE6172560EB428222CFA28013BE34B98DB55AE7D0FDCE0E91F6405FD22D3 |
SHA-512: | 95BF9A3BE65CD6ABA10EB9FEFD8502F275C2020D30EDB412BD90B536F1EC4DA5946F7ED6EA7F81FC528E07A2811606C06CA28621D5089A2F7474138266E0BEAA |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.569563658423784 |
Encrypted: | false |
SSDEEP: | 12:8bl80gXg/XAlCPCHaXRBktB/LAJX+WoDjuicvbIsYJ4hNDtZ3YilMMEpxRljK3w9:8uk/XThOkeHNeMsYuDv3qcTu7D |
MD5: | FE7E32F5C42E82CAF2EE7F0826F4F2D3 |
SHA1: | 057A06D484B3959E7307D0356B67B41D3C5F4C87 |
SHA-256: | D69CA660603491620A4F41EC06A83A183832847C991569AA5A1FE543E4A3BA5B |
SHA-512: | ABDB997CE84CBB2C83D391D3A4168FC8E8169CA556B5F55DB407D0304AF67432BA4212F4978B27083B274120863502735B7A3A3A562E2E7BE797A2287E7AD0B8 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.759882730988537 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlb4JipzCmxWItg3RJipzCv:bCQEiBqiBs |
MD5: | AADFD38DB75E156799C4CEC091515464 |
SHA1: | A3FD60947600D1F2216CF172352BD39DA775E4FA |
SHA-256: | 8929BCDAB20E01FDAE7BD030860DF319AAB030241B52BB5E469C464FC7D60BC6 |
SHA-512: | 7A63884E252637DE3A43EEF2055A6108E16161689876D5EE2E3A28364558CCD4CCD6A6B8A38AEA21A4F8FCC9A88A67CFBF19C7455B24E34541954FEE44EDC4BE |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Entropy (8bit): | 7.273550678614421 |
File name: | fHER4lglqY.docx |
File size: | 12260 |
MD5: | 6878265f91c6cb31618ad8ff45891f60 |
SHA1: | 178c99c6b3ad6e1e835b2325b0d9a023d61d6d64 |
SHA256: | 2f75f6ee9ba9ef599dff95249a32312bb457ea34d5e25dec338b803c312221a0 |
SHA512: | b41459bcf66f1e9d77e21cc27fc940ec04559a352b38c236f659734b697c5d9a33d26ca905be9af482cbef230f586c93c9a5f666083dd6a3e9e8894d63753f15 |
SSDEEP: | 192:Ctv4DlKdmUGQ3CI1Ymkh+4wyuDUIKew+Wfm0FfkvGUlfLXaqEGF6:av4JORSIHkh/ruDUIs+30OnTge6 |
TLSH: | E8428D38CB50F874C42789FDAA8883F2E7895447E217546E2484E3998650593973BADF |
File Content Preview: | PK..........!....lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 03:26:31.395313978 CEST | 49186 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:31.395349979 CEST | 443 | 49186 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:31.398246050 CEST | 49186 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:31.398258924 CEST | 443 | 49186 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:31.440855026 CEST | 443 | 49186 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:31.441067934 CEST | 443 | 49186 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:31.441160917 CEST | 49186 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:31.441317081 CEST | 49186 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:31.441348076 CEST | 443 | 49186 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.376491070 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.376535892 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.376612902 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.383979082 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.383996010 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.439623117 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.439737082 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.452527046 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.452569008 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.453336000 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.455018044 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.489166975 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.489384890 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.489593029 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.491607904 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.491667032 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.491708040 CEST | 49187 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.491723061 CEST | 443 | 49187 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.492157936 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.492209911 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.492286921 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.495819092 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.495848894 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.550169945 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.550585985 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.550625086 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.551805019 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.551817894 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.601104021 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.601293087 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.601538897 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.607307911 CEST | 49188 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.607342005 CEST | 443 | 49188 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.620943069 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.621007919 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.621098042 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.621252060 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.621268988 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.675162077 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.675282955 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.689403057 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.689436913 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.692982912 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.693016052 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.725722075 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.725920916 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.725976944 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.726008892 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.726026058 CEST | 443 | 49189 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.726042986 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.727767944 CEST | 49189 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.728760958 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.728821039 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.728909016 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.729113102 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.729131937 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.783004045 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.783129930 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.799756050 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.799779892 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.804323912 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.804347038 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.835503101 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.835597992 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.835624933 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.835655928 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.835700035 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.835716009 CEST | 443 | 49190 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:32.835727930 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.835738897 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:32.835767031 CEST | 49190 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.027527094 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.027592897 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.027712107 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.041888952 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.041933060 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.096925974 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.097075939 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.113004923 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.113032103 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.118805885 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.118859053 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.147566080 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.147661924 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.147680998 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.147711039 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.147732973 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.147764921 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.147783995 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.147805929 CEST | 443 | 49191 | 178.21.112.152 | 192.168.2.22 |
Aug 18, 2022 03:26:33.147814989 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Aug 18, 2022 03:26:33.147862911 CEST | 49191 | 443 | 192.168.2.22 | 178.21.112.152 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 18, 2022 03:26:14.132697105 CEST | 192.168.2.22 | 8.8.8.8 | 0x5930 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:19.898319960 CEST | 192.168.2.22 | 8.8.8.8 | 0x75e7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:19.943753004 CEST | 192.168.2.22 | 8.8.8.8 | 0x1897 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:24.749608994 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:24.782529116 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:27.424046040 CEST | 192.168.2.22 | 8.8.8.8 | 0xbe50 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:27.470101118 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:28.789442062 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:28.810887098 CEST | 192.168.2.22 | 8.8.8.8 | 0xe6e0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:29.904416084 CEST | 192.168.2.22 | 8.8.8.8 | 0x2057 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:29.928502083 CEST | 192.168.2.22 | 8.8.8.8 | 0x5cd7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:31.190190077 CEST | 192.168.2.22 | 8.8.8.8 | 0x6703 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:31.209192991 CEST | 192.168.2.22 | 8.8.8.8 | 0x7820 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:32.329346895 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:32.348210096 CEST | 192.168.2.22 | 8.8.8.8 | 0x4c7a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 18, 2022 03:26:14.172312975 CEST | 8.8.8.8 | 192.168.2.22 | 0x5930 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:19.937839031 CEST | 8.8.8.8 | 192.168.2.22 | 0x75e7 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:19.982876062 CEST | 8.8.8.8 | 192.168.2.22 | 0x1897 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:24.771452904 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:24.823863029 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:27.463329077 CEST | 8.8.8.8 | 192.168.2.22 | 0xbe50 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:27.517323971 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:28.808691025 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:28.828114986 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:29.923461914 CEST | 8.8.8.8 | 192.168.2.22 | 0x2057 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:29.992835045 CEST | 8.8.8.8 | 192.168.2.22 | 0x5cd7 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:31.207489967 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:31.228089094 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:32.346155882 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Aug 18, 2022 03:26:32.367182970 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 178.21.112.152 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49173 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:14 UTC | 0 | OUT | |
2022-08-18 01:26:14 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49174 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:20 UTC | 0 | OUT | |
2022-08-18 01:26:20 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49183 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:29 UTC | 13 | OUT | |
2022-08-18 01:26:29 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49184 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:30 UTC | 13 | OUT | |
2022-08-18 01:26:30 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49185 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:31 UTC | 14 | OUT | |
2022-08-18 01:26:31 UTC | 14 | IN | |
2022-08-18 01:26:31 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49186 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:31 UTC | 15 | OUT | |
2022-08-18 01:26:31 UTC | 15 | IN | |
2022-08-18 01:26:31 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.22 | 49187 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:32 UTC | 15 | OUT | |
2022-08-18 01:26:32 UTC | 16 | IN | |
2022-08-18 01:26:32 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.22 | 49188 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:32 UTC | 16 | OUT | |
2022-08-18 01:26:32 UTC | 16 | IN | |
2022-08-18 01:26:32 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.22 | 49189 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:32 UTC | 17 | OUT | |
2022-08-18 01:26:32 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.22 | 49190 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:32 UTC | 18 | OUT | |
2022-08-18 01:26:32 UTC | 18 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.22 | 49191 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:33 UTC | 18 | OUT | |
2022-08-18 01:26:33 UTC | 18 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49175 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:24 UTC | 0 | OUT | |
2022-08-18 01:26:24 UTC | 1 | IN | |
2022-08-18 01:26:24 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49176 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:25 UTC | 1 | OUT | |
2022-08-18 01:26:25 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49177 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:27 UTC | 2 | OUT | |
2022-08-18 01:26:27 UTC | 2 | IN | |
2022-08-18 01:26:27 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49178 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:27 UTC | 2 | OUT | |
2022-08-18 01:26:27 UTC | 3 | IN | |
2022-08-18 01:26:27 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49179 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:28 UTC | 3 | OUT | |
2022-08-18 01:26:28 UTC | 3 | IN | |
2022-08-18 01:26:28 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49180 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:29 UTC | 4 | OUT | |
2022-08-18 01:26:29 UTC | 4 | IN | |
2022-08-18 01:26:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49181 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:29 UTC | 5 | OUT | |
2022-08-18 01:26:29 UTC | 5 | IN | |
2022-08-18 01:26:29 UTC | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49182 | 178.21.112.152 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 01:26:29 UTC | 12 | OUT | |
2022-08-18 01:26:29 UTC | 12 | IN |
Target ID: | 0 |
Start time: | 03:26:12 |
Start date: | 18/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13faa0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |