Windows
Analysis Report
qoIZSkdejM
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2536 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source | Rule | Description | Author | Strings
---|---|---|---|---
| | SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak | |
| | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen | |
Source | Rule | Description | Author | Strings
---|---|---|---|---
| | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard | |
| | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard | |
| | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link |
Source: | Metadefender: | Perma Link |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Exploits |
---|
Source: | File source: |
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: |
Source: | File opened: | Jump to behavior |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| | 35% | Virustotal | | Browse |
| | 23% | Metadefender | | Browse |
| | 45% | ReversingLabs | Document-Word.Exploit.CVE-2022-30190 | |
| | 100% | Avira | W97M/Dldr.Agent.G1 | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| | 0% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| | 0% | Virustotal | | Browse |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
www.malwarejake.com | 143.198.109.79 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
| | | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
---|---|---|---|---|---|---
143.198.109.79 | www.malwarejake.com | United States | | 15557 | LDCOMNETFR | true
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 686090 |
Start date and time: | 2022-08-18 08:26:02 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | qoIZSkdejM (renamed file extension from none to docx) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.expl.evad.winDOCX@1/18@15/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtQueryAttributesFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
---|---|---|---|---|---
LDCOMNETFR | | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
---|---|---|---|---|---
05af1f5ca1b87cc9cc9b25185115607d | | | malicious | | |
7dcce5b76c8b17472d024758970a406b | | | malicious | | |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28873688711451273 |
Encrypted: | false |
SSDEEP: | 48:I36SRBz0/O33Oq3OOeOplGOmjn3YOh8Qys1gOX7FBOX0GROXX3OXJrPOXvTO4OwR:KnLz765g0GWXsVEmyrySH |
MD5: | 28F73E1D7481A925E37DD40FBD66ADB5 |
SHA1: | C83C1651B1CE7CA06214D536C733A4BE288D1035 |
SHA-256: | A32B295015C9D2E54D7B85D64FBC2B512E28F3696291F1F7EEA9CA1DE51366CE |
SHA-512: | 233C0AE685D4F96D9521BBF1BBC566AA44F97302D3A5E84F35564FE740579CE13E5FD396E2A8A5558009D09F59DC620293CC9552A7B7F5DBEDE163178930A584 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{B8717A19-9829-40D6-A026-8F5ABC06FCCF}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6724512997201999 |
Encrypted: | false |
SSDEEP: | 768:X4VM1AI/x/3bC/pmqw4gdm+2YKyiIt1m+2YKyiIttm+2YKyiItIm+2YKyiI:XnRzbo |
MD5: | 77F6420775F752B526D099B514984A9E |
SHA1: | DBD33E40BE3851E00BD269864C3395B4B42AC961 |
SHA-256: | BCFED7836FE35909AD9DDBF5DCD4D9E862A623583BF6550DFD263AA243A5CB30 |
SHA-512: | 0C79EB825AA45F69CC6277B8BE18C720F40B965180B2DB944230EFB599D6E95DC5FCCCDFD648CD11167BEAD6FE58E1AA5D759D39D8EC0E3F173E3562F9C83413 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.959476246683456 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzyl8jFYiRzhpTXrCwkAjfct276:yPblzyl6FYiRmwkAbct22 |
MD5: | 42A4C1F97C02E4455D7124209DAD82D6 |
SHA1: | 35E02941D6F93B89612B9138A4158B3E73722DC7 |
SHA-256: | 2DF9425A9498D48647078C0374EFE91BDD7AAD2A5295E512F8C73F053BF5D5ED |
SHA-512: | 16D712CBFAC51BC908683F3AA925CE1383FB19529B4B25E600FC59B105D75A9F1E2D88C1631D40D7154A6006DF8028409208E3A240EA7DB6307FBB75DB7A73C6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28691484699157094 |
Encrypted: | false |
SSDEEP: | 48:I3taRBG+81ZCMG4gaBTMhUfkgMfPlQwrnerk9H:KtaLXKNlTHMfPldMqH |
MD5: | 3ACA8973093C12C413A9EE1A54F08EC9 |
SHA1: | CECF24CEEEE35496AFC258BD51AEE8A015CE5860 |
SHA-256: | 3B541FD09566960CD44EBD7FE9636389A0D32B051BC361F6BEABC7C352F8A70B |
SHA-512: | 0E37BB3424786D4165C36509BD5BFA179DFF8BE3A8AFE3F514C038F1F49BE48EDD10A23A07911E3CDF2295EF6513D96967555695557BC6CA72DB596338066651 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{C6D9626B-042E-41CB-8D4F-7A4C3803912A}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22069206926972237 |
Encrypted: | false |
SSDEEP: | 48:I3qf0TUUrBrME5BFdkY9oso/mSpM/oNP/oNh:K8SUC55Gpq |
MD5: | 7C3F381F7EBADADFC1D6D02020D4A9C2 |
SHA1: | 98C49943B9F8F74B74CCD81F03DE992B38B71A4C |
SHA-256: | EE92EA31846F8A102B1F1ACA826FAD2779FA061390888EE22B6E4638C4EBF384 |
SHA-512: | 35712E6451D7818EE4DAFF5D03290E9991E9B78D83B0E74C3F7E229D5C51688E6C6CBC4EADFFA12F4FED6B755E19A7AB443470FEF497C0CFD472F627B2849D61 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9934613605512386 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzq7lU1SLNyeSldhttkL0WFPFu276:yPblzaU7jBEz9Fu22 |
MD5: | 3E7A15E942D05782E9E43891ECECF90C |
SHA1: | F90804676119952EB42BBB590F7D6869544B43CE |
SHA-256: | 95F6BA028B9748336838FC2D20CCB266CAA743CD8B6FF5044745D0651237B505 |
SHA-512: | 7C64CC766B4CBDA1EC0F61EDEC8EEDF56BA4E243044543C1275C025613CC8B6CC4B46213DD843E31FC284385B9AC34E91BA204E65FD4F0A1A55256A3AE44C2B7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\456[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 7056 |
Entropy (8bit): | 1.1561718807594425 |
Encrypted: | false |
SSDEEP: | 24:0Wr/HdlR1N7cGkLnPKZ2kt8HqCkEvNu4SYMW:0Wr/ddUPyNnEFu4SPW |
MD5: | B92EE400BE1F2612B4138031DFC5881E |
SHA1: | 322065E52393CC668A77A0EB76F33EEC191CC668 |
SHA-256: | 8918EDE0A38D40EE0B89028819DCAAC6BB73D2280AD88EA2E1D0A42FD7101AA6 |
SHA-512: | B33D22C2C3951BF8403E3B8FB13BEB8614BF8EF743344BA944D119FE1DD67D61BDEB78964639B99346E6B8045E517A023FECB8A29665E31F26E70BDCC6B9732B |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
IE Cache URL: | https://www.malwarejake.com/456.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8EBCBBE8.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7056 |
Entropy (8bit): | 1.1561718807594425 |
Encrypted: | false |
SSDEEP: | 24:0Wr/HdlR1N7cGkLnPKZ2kt8HqCkEvNu4SYMW:0Wr/ddUPyNnEFu4SPW |
MD5: | B92EE400BE1F2612B4138031DFC5881E |
SHA1: | 322065E52393CC668A77A0EB76F33EEC191CC668 |
SHA-256: | 8918EDE0A38D40EE0B89028819DCAAC6BB73D2280AD88EA2E1D0A42FD7101AA6 |
SHA-512: | B33D22C2C3951BF8403E3B8FB13BEB8614BF8EF743344BA944D119FE1DD67D61BDEB78964639B99346E6B8045E517A023FECB8A29665E31F26E70BDCC6B9732B |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F8D236.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7056 |
Entropy (8bit): | 1.1561718807594425 |
Encrypted: | false |
SSDEEP: | 24:0Wr/HdlR1N7cGkLnPKZ2kt8HqCkEvNu4SYMW:0Wr/ddUPyNnEFu4SPW |
MD5: | B92EE400BE1F2612B4138031DFC5881E |
SHA1: | 322065E52393CC668A77A0EB76F33EEC191CC668 |
SHA-256: | 8918EDE0A38D40EE0B89028819DCAAC6BB73D2280AD88EA2E1D0A42FD7101AA6 |
SHA-512: | B33D22C2C3951BF8403E3B8FB13BEB8614BF8EF743344BA944D119FE1DD67D61BDEB78964639B99346E6B8045E517A023FECB8A29665E31F26E70BDCC6B9732B |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{6D6953D1-CE9C-4DB1-815E-63A7D4CF5844}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5120 |
Entropy (8bit): | 2.1106765232664424 |
Encrypted: | false |
SSDEEP: | 24:rYvXkbK/FPifnQNSLNni0nQdPi4ggooULNniT:rYfkm9cnQSpi0nQdfWFpi |
MD5: | D0E8EEB4350D366F88AB89E9AB7BC0BE |
SHA1: | 3C96C82FD16422901C26C1966F5726F73DA6DE34 |
SHA-256: | 46C37C7B7958325F3882CE70315C10B0FDBB912404925FAFB893AB765707A02B |
SHA-512: | FA4FFC253836E0712FAA0C7B6CEB81349895313767F0BB14A97B2D35FF8637D6FA1FE38803A64663FF17DA9172951937BA1966C040BB5D2DF4830D54B96DE24B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AA6E250D-FB32-4807-A558-7E6F31821338}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.7710450912559451 |
Encrypted: | false |
SSDEEP: | 3:5lsl4/I5lNVRIYk/lElXlAPlMOau+2lT8M1nRF5Zfdkl5XHlRtp/gdl/ABdllqPe:olgI5lNcYWeuPa+ejJoYB4PxZUtLsmN |
MD5: | DF555F2BD2F7953B785FBD5C2EC880ED |
SHA1: | EC5BBE67F462283F60964E804FEA21BE05DEDE5E |
SHA-256: | B5E66DC74C4F74A231454D7843C6A8E9B6DFF18E51AF4590CC460FE9E5373E6D |
SHA-512: | E2C31A4890ECD7B809D27DF505BAD97BD9B5BF7A7F5900C07F81705221FFCD13F949A57E8DBC5D07E025FE2778DC37F75346D24CEE342C1316FFC493632C95E4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C04F3D99-F9B9-4448-A2CE-FCD4E5583AFE}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025595998137779664 |
Encrypted: | false |
SSDEEP: | 6:I3DPcXKq3u/FvxggLRBJgNkBB/RDRXv//4tfnRujlw//+GtluJ/eRuj:I3DPAsTgGB/R1vYg3J/ |
MD5: | 1DE094F8CC783FB8C79C8796F6DEFE80 |
SHA1: | 7D012B58C1F576912E30B7626563E66504C45FEA |
SHA-256: | 05415D3ECB94C1E9A41DF6598194681CA259A883B702D73F24A9C14C3B60128A |
SHA-512: | D8D4EFCFBE62216E78D57BEF7531FEB8C7433602E169EED5FB3B1903E33F6A0EC32E0D15D4D017719DF45B4906D79D01E6DC990E0E149E01F61EAF8C59498815 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025470567096111188 |
Encrypted: | false |
SSDEEP: | 6:I3DPchixVvxggLRNA40ltRXv//4tfnRujlw//+GtluJ/eRuj:I3DP2ixZMTvYg3J/ |
MD5: | 314C04BEA9F8999637A6874D071429EB |
SHA1: | 004A2ECCE0788F2ACA8ADFD7725608B8AAAFA44A |
SHA-256: | DAA04F38CD32929596048F14FD986658824430CD0B025D6D4C7074E29D57610E |
SHA-512: | 38DD64E7172A9CC0BFE9C8EECCE3DA1AE4CA9FFD8216A0E74E51979161B00647A02109020611C06F13747C9C944F763B71D2164F5DED9AB16189786DBD919DCA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.786273488348122 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlMKpO1d2mxWfOO1d2v:bCAm |
MD5: | 22FF1DED7C768389EA5A0012AD7FFDB7 |
SHA1: | 3C6A3F7DCF0A4DF09F1C6649D44517042797A9FC |
SHA-256: | 4B03CCDC4AF57995C882CEE2F0FF79078A3521735DA3976B07F3DF4A2BFB658D |
SHA-512: | 8011B24585EC92ED0E5A6E4806D89533DE7604BFD949B663B7EEF16EA1D40D3F93BEA03F07E04EE9D10456FE8C3D87F7EB7AF06BE515A686D79EBE5CD6182DBB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.575475970912561 |
Encrypted: | false |
SSDEEP: | 24:8nkvk/XTHEmxQoyCNeixGFgDv3qGniu7D:8kvk/XTkLoyCNjc/Gi0D |
MD5: | B1265A330658214AB98AB51EEFFD590A |
SHA1: | 059ACAD7A250B8FDC69045F883DD97BEC5246641 |
SHA-256: | CD34EE17637F61F1857FC3D3B374C294CF58241C07B1DC442027FD0E1592BAE2 |
SHA-512: | 97A96DD5E41667621B7833BACBF2ED12D2C6CF4195327A3D8861A2AB522CC762332851FF7142188328FAEB4E6BD4A996D9926C76ADF9EC51F56097054DE111B4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.832260939059278 |
TrID: |
File name: | qoIZSkdejM.docx |
File size: | 10469 |
MD5: | 0d37337ead8492e1b2395f6cd4f724fc |
SHA1: | a66ff1064025c026f2d88b87796009ba34c1bee8 |
SHA256: | cd3132beed7d712a890f83dc302765bfa232e5b059a6fa7b4ee5355f11b55368 |
SHA512: | 113711a807da1417cff28760d0050543631c969725c65b7b32da874cc07c16baa24a894c97ffc185cbdc574c62f078621216d7e970cdf7c89e553ca5f2fdbd2a |
SSDEEP: | 192:R8D/fgUUn+iZ7dADiIF8TBIuICjBlK2dRBeVeT6lf/XO+ra8a:R8bfgzn+iZ7dADiIF8NIFCu2dRBOm6lK |
TLSH: | 9322BF35DF0A2D52C00BC23B60060706E44B68F3DA6F2A4FF6901AD6CD624EC175DD5E |
File Content Preview: | PK...........T...lU... .......[Content_Types].xml...N.0.E.H.C.m..e..j...%T.|.kOZ..dO_...)..J#..DJf.=w.....5..b...lP.Y.Nz...d.....e..S.x.%.Bb....p...2R.T..b..<..X....Q......8.A..1.~...r.....k.6.>B%.....}n.D0.e.Mc.*...h)..|...%...R.z.B...............&j..DD| |
Icon Hash: | e4e6a2a2a4b4b4a4 |
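The dropped-file records above are flattened into "Key: | value |" rows, with the file path on a bare line before each record's "Process:" row. The same 7056-byte HTML appears three times (the Content.IE5 download plus two Content.MSO copies) under one SHA-256, and only the first copy carries the "IE Cache URL". The following parser, an added example and not part of the Joe Sandbox report, turns that layout into one dict per file and pulls out deduplicated indicators from the records the sandbox marked Malicious: true. The embedded sample is constructed from three of the records shown above, trimmed to a few rows each; the field names are the report's own.

```python
import re

# Constructed sample in the report's flattened "Key: | value |" layout.
# Three records; the second and third share one SHA-256, as the
# 456[1].htm download and its Content.MSO copy do in the report above.
SAMPLE_REPORT = r"""
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
SHA-256: | 95F6BA028B9748336838FC2D20CCB266CAA743CD8B6FF5044745D0651237B505 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\456[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | downloaded |
Size (bytes): | 7056 |
SHA-256: | 8918EDE0A38D40EE0B89028819DCAAC6BB73D2280AD88EA2E1D0A42FD7101AA6 |
Malicious: | true |
IE Cache URL: | https://www.malwarejake.com/456.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8EBCBBE8.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Category: | dropped |
Size (bytes): | 7056 |
SHA-256: | 8918EDE0A38D40EE0B89028819DCAAC6BB73D2280AD88EA2E1D0A42FD7101AA6 |
Malicious: | true |
Preview: |
"""

# "Key: | value |" rows; the value cell may be empty ("File Type: | |", "Preview: |").
KV_RE = re.compile(r"^([^|]+?):\s*\|\s*(.*?)\s*\|?\s*$")


def parse_records(text):
    """Split the flattened report into one dict per dropped/downloaded file.

    A record begins at its 'Process:' row. A line that is not a key/value
    row (no '|' cell separator) is the path of the record that follows it
    and is stored under the synthetic key 'Path'.
    """
    records, current, pending_path = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KV_RE.match(line)
        if not m:
            pending_path = line
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Process":
            current = {"Path": pending_path}
            records.append(current)
            pending_path = None
        if current is not None:
            current[key] = value
    return records


def extract_iocs(text):
    """Unique SHA-256s, cache URLs and local paths of files flagged malicious.

    Hashes are lower-cased and deduplicated, so the three copies of the
    same HTML collapse to one indicator; the URL is kept from whichever
    copy carried an 'IE Cache URL' cell.
    """
    iocs = {"sha256": [], "urls": [], "paths": []}
    for rec in parse_records(text):
        if rec.get("Malicious", "").lower() != "true":
            continue
        sha = rec.get("SHA-256", "").lower()
        if sha and sha not in iocs["sha256"]:
            iocs["sha256"].append(sha)
        url = rec.get("IE Cache URL")
        if url and url not in iocs["urls"]:
            iocs["urls"].append(url)
        if rec.get("Path"):
            iocs["paths"].append(rec["Path"])
    return iocs


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        for v in values:
            print(f"{kind}\t{v}")
```

Feeding the full report text to extract_iocs gives the hash and URL to block without the noise of the benign Office cache files; entries with an empty "File Type" cell are kept as-is, since the parser never fills values the report did not supply.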
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 08:27:05.079196930 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.079236984 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.079355001 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.094245911 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.094278097 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.496416092 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.496752977 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.508595943 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.508629084 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.509022951 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.509111881 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.760010958 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.807367086 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.950066090 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.950203896 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.950298071 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.950345993 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.950719118 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.950742960 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.950781107 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.950820923 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:11.777801991 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:11.777848959 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:11.777939081 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:11.781728983 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:11.781754971 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.157306910 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.157476902 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.168793917 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.168811083 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.169581890 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.193221092 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.235373974 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.522223949 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.522680998 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.522768021 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.522789001 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.523118973 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.523174047 CEST | 443 | 49179 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:12.523310900 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.034006119 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.034058094 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.034127951 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.035756111 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.035784006 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.393188000 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.393440962 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.407644987 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.407680988 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.408390999 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.435034037 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.479376078 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.738584995 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.738720894 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:17.738814116 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.739058971 CEST | 49180 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:17.739078045 CEST | 443 | 49180 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:18.835387945 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:18.835422993 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:18.835465908 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:18.835896969 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:18.835911036 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.202419043 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.202724934 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:19.214833975 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:19.214850903 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.215549946 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.217200994 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:19.259370089 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.556180954 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.556308031 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:19.556437969 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:19.556953907 CEST | 49181 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:19.556973934 CEST | 443 | 49181 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.579341888 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:20.579407930 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.579480886 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:20.579756021 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:20.579777002 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.953999996 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.954180956 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:20.967492104 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:20.967525005 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.967890978 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:20.971045017 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.011486053 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.308835030 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.308968067 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.309154987 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.309405088 CEST | 49182 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.309431076 CEST | 443 | 49182 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.380564928 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.380642891 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.380734921 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.381005049 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.381026983 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.740636110 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.740732908 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.748636007 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.748660088 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:21.752554893 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:21.752564907 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.089577913 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.089698076 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.089773893 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.089785099 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.089833021 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.089858055 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.092797041 CEST | 49183 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.092833042 CEST | 443 | 49183 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.290458918 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.290574074 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.290679932 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.291095018 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.291124105 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.643919945 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.644179106 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.668955088 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.668979883 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.671838999 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.671861887 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.994339943 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.994438887 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.994647980 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.994735003 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.994813919 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.994852066 CEST | 443 | 49184 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:22.994873047 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:22.994961977 CEST | 49184 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.194561958 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.194628954 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.194725037 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.194979906 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.195003986 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.549240112 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.549345970 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.556111097 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.556132078 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.558793068 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.558813095 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.898886919 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.898973942 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.899334908 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.899435997 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.899458885 CEST | 443 | 49185 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.899467945 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.899774075 CEST | 49185 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.981180906 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.981225967 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:23.981297970 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.981651068 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:23.981673956 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.339759111 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.339955091 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.353986979 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.354033947 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.354629993 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.362306118 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.403378963 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.687177896 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.687351942 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.687393904 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.687419891 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.687455893 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:24.687504053 CEST | 49186 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:24.687546015 CEST | 443 | 49186 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:25.720864058 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:25.720897913 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:25.720959902 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:25.721229076 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:25.721242905 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.083959103 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.084094048 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:26.094850063 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:26.094866037 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.095748901 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.096977949 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:26.143372059 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.443223000 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.443377972 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:26.443504095 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:26.443991899 CEST | 49187 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:26.444020987 CEST | 443 | 49187 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.538872004 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.538916111 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.539006948 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.539387941 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.539403915 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.892153025 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.892285109 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.915718079 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.915741920 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.916099072 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:27.917593956 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:27.959369898 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.239523888 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.239666939 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.239732027 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.239902973 CEST | 49188 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.239922047 CEST | 443 | 49188 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.256913900 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.256958961 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.257119894 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.257324934 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.257337093 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.619525909 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.619667053 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.627465010 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.627477884 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.631366968 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.631376982 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.975547075 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.975713968 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.975744009 CEST | 443 | 49189 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.975821018 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.975869894 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.975905895 CEST | 49189 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.980618000 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.980657101 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:28.980739117 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.981069088 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:28.981079102 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.332745075 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.333010912 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.345938921 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.345959902 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.349055052 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.349073887 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.681632996 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.681720018 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.681735992 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.681749105 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.681812048 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.681863070 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.681885958 CEST | 443 | 49190 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.681895018 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.681967974 CEST | 49190 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.875495911 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.875545025 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:29.875617981 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.875919104 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:29.875933886 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.233663082 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.233766079 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.241590977 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.241616011 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.245172977 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.245201111 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.580070972 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.580219030 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.580372095 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.580558062 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.580589056 CEST | 443 | 49191 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:30.580657959 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:30.583137035 CEST | 49191 | 443 | 192.168.2.22 | 143.198.109.79 |
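The packet table above lists every TCP segment individually, so the shape of the traffic (fourteen short TLS connections from 192.168.2.22 to 143.198.109.79:443, each a fresh ephemeral port and each under a second long) is hard to see. The following script, an added example and not part of the Joe Sandbox report, folds both directions of each connection into one flow record and then counts connections per server. The embedded rows are constructed from the first two connections in the table; the assumption that the endpoint with the lower port is the server is mine and holds for the ephemeral-to-443 pattern shown here.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample rows in the report's packet-table layout: a few
# segments from connections 49178 and 49179 to 143.198.109.79:443.
SAMPLE_ROWS = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 08:27:05.079196930 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:05.079236984 CEST | 443 | 49178 | 143.198.109.79 | 192.168.2.22 |
Aug 18, 2022 08:27:05.950820923 CEST | 49178 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:11.777801991 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
Aug 18, 2022 08:27:12.523310900 CEST | 49179 | 443 | 192.168.2.22 | 143.198.109.79 |
"""

# Keep six fractional digits (strptime's %f limit) and drop the zone label.
TS_RE = re.compile(r"^(.*\.\d{6})\d*\s+\S+$")


def parse_ts(text):
    """'Aug 18, 2022 08:27:05.079196930 CEST' -> naive datetime, ns truncated to us."""
    m = TS_RE.match(text)
    return datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S.%f")


def summarize_flows(table_text):
    """Group packet rows into connections keyed (client_ip, client_port, server_ip, server_port).

    The endpoint with the lower port number is treated as the server, so the
    two directions of one TCP connection collapse into a single entry.
    """
    flows = OrderedDict()
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        if len(cells) != 5 or cells[0] == "Timestamp" or cells[0].startswith("---"):
            continue  # header, separator or malformed row
        ts, sport, dport, sip, dip = cells[0], int(cells[1]), int(cells[2]), cells[3], cells[4]
        client_to_server = sport > dport
        key = (sip, sport, dip, dport) if client_to_server else (dip, dport, sip, sport)
        t = parse_ts(ts)
        f = flows.setdefault(key, {"first": t, "last": t, "packets": 0, "c2s": 0, "s2c": 0})
        f["packets"] += 1
        f["c2s" if client_to_server else "s2c"] += 1
        f["first"], f["last"] = min(f["first"], t), max(f["last"], t)
    return flows


def duration_seconds(flow):
    """Wall-clock span between the first and last segment seen for one connection."""
    return (flow["last"] - flow["first"]).total_seconds()


def by_server(flows):
    """Connections and packets per (server_ip, server_port).

    Many short-lived TLS sessions to one host from a document viewer is the
    pattern a hunting query would key on in this capture.
    """
    out = OrderedDict()
    for (_cip, _cport, sip, sport), f in flows.items():
        s = out.setdefault((sip, sport), {"connections": 0, "packets": 0})
        s["connections"] += 1
        s["packets"] += f["packets"]
    return out


if __name__ == "__main__":
    flows = summarize_flows(SAMPLE_ROWS)
    for key, f in flows.items():
        print(key, f["packets"], "pkts", f"{duration_seconds(f):.3f}s")
    print(dict(by_server(flows)))
```

Run over the whole table, by_server reports the fourteen connections to 143.198.109.79:443; pair that with the UDP table below, where each connection is preceded by a query to 8.8.8.8, to line up DNS lookups with the sessions they precede.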
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 08:27:05.044718027 CEST | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:05.067305088 CEST | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:11.726632118 CEST | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:11.754184961 CEST | 53 | 54408 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:11.759929895 CEST | 50108 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:11.776880980 CEST | 53 | 50108 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:16.983206034 CEST | 54723 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:17.008132935 CEST | 53 | 54723 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:17.010565996 CEST | 58062 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:17.033431053 CEST | 53 | 58062 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:18.789341927 CEST | 56703 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:18.808767080 CEST | 53 | 56703 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:18.810611010 CEST | 59241 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:18.829739094 CEST | 53 | 59241 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:20.532392979 CEST | 55244 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:20.549607992 CEST | 53 | 55244 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:20.552045107 CEST | 53958 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:20.575946093 CEST | 53 | 53958 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:23.934649944 CEST | 56020 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:23.951637030 CEST | 53 | 56020 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:23.955573082 CEST | 51663 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:23.980344057 CEST | 53 | 51663 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:25.661467075 CEST | 51020 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:25.680829048 CEST | 53 | 51020 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:25.695321083 CEST | 60622 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:25.719031096 CEST | 53 | 60622 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:27.480531931 CEST | 53160 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:27.516104937 CEST | 53 | 53160 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 08:27:27.519289970 CEST | 64948 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 08:27:27.538095951 CEST | 53 | 64948 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 18, 2022 08:27:05.044718027 CEST | 192.168.2.22 | 8.8.8.8 | 0x868f | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:11.726632118 CEST | 192.168.2.22 | 8.8.8.8 | 0xd966 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:11.759929895 CEST | 192.168.2.22 | 8.8.8.8 | 0x1b3e | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:16.983206034 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:17.010565996 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:18.789341927 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:18.810611010 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:20.532392979 CEST | 192.168.2.22 | 8.8.8.8 | 0xe6e0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:20.552045107 CEST | 192.168.2.22 | 8.8.8.8 | 0x6703 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:23.934649944 CEST | 192.168.2.22 | 8.8.8.8 | 0xc8dd | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:23.955573082 CEST | 192.168.2.22 | 8.8.8.8 | 0xe95b | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:25.661467075 CEST | 192.168.2.22 | 8.8.8.8 | 0x7820 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:25.695321083 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:27.480531931 CEST | 192.168.2.22 | 8.8.8.8 | 0x4c7a | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:27.519289970 CEST | 192.168.2.22 | 8.8.8.8 | 0x288a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 18, 2022 08:27:05.067305088 CEST | 8.8.8.8 | 192.168.2.22 | 0x868f | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:11.754184961 CEST | 8.8.8.8 | 192.168.2.22 | 0xd966 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:11.776880980 CEST | 8.8.8.8 | 192.168.2.22 | 0x1b3e | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:17.008132935 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:17.033431053 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:18.808767080 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:18.829739094 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:20.549607992 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:20.575946093 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:23.951637030 CEST | 8.8.8.8 | 192.168.2.22 | 0xc8dd | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:23.980344057 CEST | 8.8.8.8 | 192.168.2.22 | 0xe95b | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:25.680829048 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:25.719031096 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:27.516104937 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Aug 18, 2022 08:27:27.538095951 CEST | 8.8.8.8 | 192.168.2.22 | 0x288a | No error (0) | | | 143.198.109.79 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49178 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:05 UTC | 0 | OUT | |
2022-08-18 06:27:05 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49179 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:12 UTC | 0 | OUT | |
2022-08-18 06:27:12 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49188 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:27 UTC | 11 | OUT | |
2022-08-18 06:27:28 UTC | 11 | IN | |
2022-08-18 06:27:28 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49189 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:28 UTC | 12 | OUT | |
2022-08-18 06:27:28 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49190 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:29 UTC | 13 | OUT | |
2022-08-18 06:27:29 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49191 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:30 UTC | 13 | OUT | |
2022-08-18 06:27:30 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49180 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:17 UTC | 0 | OUT | |
2022-08-18 06:27:17 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49181 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:19 UTC | 1 | OUT | |
2022-08-18 06:27:19 UTC | 1 | IN | |
2022-08-18 06:27:19 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49182 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:20 UTC | 1 | OUT | |
2022-08-18 06:27:21 UTC | 1 | IN | |
2022-08-18 06:27:21 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49183 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:21 UTC | 2 | OUT | |
2022-08-18 06:27:22 UTC | 2 | IN | |
2022-08-18 06:27:22 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49184 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:22 UTC | 9 | OUT | |
2022-08-18 06:27:22 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49185 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:23 UTC | 10 | OUT | |
2022-08-18 06:27:23 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49186 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:24 UTC | 10 | OUT | |
2022-08-18 06:27:24 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49187 | 143.198.109.79 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 06:27:26 UTC | 11 | OUT | |
2022-08-18 06:27:26 UTC | 11 | IN | |
2022-08-18 06:27:26 UTC | 11 | IN |
Target ID: | 0 |
Start time: | 08:26:20 |
Start date: | 18/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5c0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |