Windows Analysis Report
0mvOExDB0u
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2292 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak | |
| | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard | |
| | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard | |
| | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
AV Detection
Source: | Avira: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | Avira: |
Exploits
Source: | File source: |
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Networking
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | LNK file: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior
Source: | Extracted files from sample: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 113 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 47% | Virustotal | | Browse |
| | 29% | Metadefender | | Browse |
| | 59% | ReversingLabs | Document-Word.Trojan.Groooboor | |
| | 100% | Avira | W97M/Dldr.Agent.G1 | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |

Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
zaloapp.duckdns.org | 34.126.146.169 | true | false | | unknown |

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
34.126.146.169 | zaloapp.duckdns.org | United States | | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 686188 |
Start date and time: | 2022-08-18 10:21:37 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 0mvOExDB0u (renamed file extension from none to docx) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winDOCX@1/19@15/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
7dcce5b76c8b17472d024758970a406b | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2853581143204819 |
Encrypted: | false |
SSDEEP: | 48:I3OeRBL7fCaX1yW7lCkH+ubmnsWr8O6HqGEGtH:KrLL8uQsO8DH7H |
MD5: | B4EC9F550B9A27723E69F50CD728A1C3 |
SHA1: | D91C22484F51EC5FC78872A70BCB6385155EDAC7 |
SHA-256: | 3B4196112446BA03696C1CB78B8DB2EBD4339365712938B47AE524E8D5BC92A1 |
SHA-512: | 97AB4BBF2695F7D74C307C65C815898150A169BFF37842B37385194D712A281628C2AC4A457954AAA63B6C59A915967A85E023CFA2F00FD77EF121650053BB7F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{CC68C536-9CD4-4A67-8EC7-4282F7DE8CCB}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6731627658053673 |
Encrypted: | false |
SSDEEP: | 96:KQBCyE1afuA2tW0K3JlqA/oGwofckwlvYTfQPSqpKCNGRsYi+ksYi+:fBE1aILK3yHGMYc |
MD5: | DC3A133D8C9F7733D2F7C017149A71E9 |
SHA1: | 2FC4E58E0CEF4234281962B3A15691F848E3E7B0 |
SHA-256: | 8464C1FDEC7EC159B40629D5EE33F4A0CE1BD665E8B086EB61669610304DBBDD |
SHA-512: | CF92EA1F9DDD8DFA30C2F7BE2F848B13BD72A18881333BAF87A430A50C0E93837CC1FAA0DE24033A2CD51167279F95A839C07E620E7881DC29A21EEA62EA5D4C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9087992162143683 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzfrSwWc17LWDyPgmIiXNiMUSmRZ276:yPblzfrSjc12D2INMKZ22 |
MD5: | 69EAB43E70AC5A8DD1647EBCE3A05117 |
SHA1: | CD735629B8C99F5857D3BF2EEEFD239902B11C65 |
SHA-256: | E3CCCF8DDBC4968B975D8402A285A92B1C834A365EE7506F537FF72EC4AFDF7E |
SHA-512: | 0334D93ADD87F3CDFA29C7ED8A1A28B8B2F548217BB985E1B07F78EBB0F6C38435A6F61444C68F7EF1239B647DC99386AD586A373C127E748E2ADA345302BEB7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28530361872249105 |
Encrypted: | false |
SSDEEP: | 48:I30jcpnRBuMMh2HhQ+/Xh/LtyHLc8fylYIN2ioEIrUj8j7E8j7UH:K0j+nLIh2HO2qeOINlg+H |
MD5: | 9EB88C7CC0659B145A02B67A553839F0 |
SHA1: | AFFAF04AC8D35EF1D7E067877AF80427BB9C38B3 |
SHA-256: | E442768F76531897C5AD2FF02566FD4D89E99B83488DFDA14FA092F6619533F9 |
SHA-512: | 8D51595F54444FF14441090C0F32DF99421BDE5B4C78075F4B93D3FBF7054815161A221F48FE00710D8DAE798B6160162561B52670D457A0FBB0B224C0F9D447 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{1B2D91C0-F32B-418D-958E-39DD37B1A090}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22199601554512252 |
Encrypted: | false |
SSDEEP: | 48:I37ZUrBBA0dSa0LX2RXAn81RAgbwYLZiyifE5fES:K7ZC6MlXo6R |
MD5: | 46A9916CD1680C35383CC505149F2FBE |
SHA1: | 99438273FE2405D7A2A7FA3D633843C09156DE0F |
SHA-256: | 953FD74DDF202BE930B5D6E12374E40881F656A63C7FAFCD0DC3E8587FB473EA |
SHA-512: | DF8F9A0FB1F0EFB5CE2E5B29F9D5ABBAED56835E854A875E62E2E645EFE9B6D4AF84ACF36BDCC7CEB6A9AAC1577D6FD7EDE19831F83E91D3EA233A801110F0E5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.945130000864161 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz8Nlhlc9Klj6lNG/lx9OlF0jl276:yPblzqw9KwlNQx08Z22 |
MD5: | DBF23C97AA8DAD1E2507C8A9950D0F4F |
SHA1: | 25239FB7E747517BEC244CEB79185EFDEB3D433C |
SHA-256: | 8094CA05E108A78D68916AD17D2EE6563EDF228C73040D365ED1CD230D837536 |
SHA-512: | B146BC6DCFE2968B46C7967785BB9D5F37B8159DF9306BEB1E5D703B1991E8618D9952FCF007A202ABDA13EC0F35FF86789DEC1ABCF78CB13F3B2C8EAE3B77E5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\dkm[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 10046 |
Entropy (8bit): | 0.39625399248312637 |
Encrypted: | false |
SSDEEP: | 6:qTIuJzhqIABckGX0ZifLSmmH8VztFCrOHfuG8+fg+OpyQzAw8Mhyu1JlYDXkZaXT:qTp4ckTcSxH8d2GZfgGw1sue4ZaoQL |
MD5: | 12DC70B699AD09EE089F094EABA151BE |
SHA1: | 77197B2B8C6BE62E565B3B4AA872CDCF4F34F68C |
SHA-256: | 1CB4E92945112FF717660F6E298ABFCF730D623144848403BDC876FED7EF030E |
SHA-512: | E48B19AA1405A26F0C0B263FA3180438F4E2B52BC2C3EB7F8AEADF2D57EE85A8C80ACE7329F6F40B1B2000A003832D71D4D2587DC1D9EFFF129A17180D8D1F31 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | low |
IE Cache URL: | https://zaloapp.duckdns.org/dkm.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\71E1C088.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10046 |
Entropy (8bit): | 0.39625399248312637 |
Encrypted: | false |
SSDEEP: | 6:qTIuJzhqIABckGX0ZifLSmmH8VztFCrOHfuG8+fg+OpyQzAw8Mhyu1JlYDXkZaXT:qTp4ckTcSxH8d2GZfgGw1sue4ZaoQL |
MD5: | 12DC70B699AD09EE089F094EABA151BE |
SHA1: | 77197B2B8C6BE62E565B3B4AA872CDCF4F34F68C |
SHA-256: | 1CB4E92945112FF717660F6E298ABFCF730D623144848403BDC876FED7EF030E |
SHA-512: | E48B19AA1405A26F0C0B263FA3180438F4E2B52BC2C3EB7F8AEADF2D57EE85A8C80ACE7329F6F40B1B2000A003832D71D4D2587DC1D9EFFF129A17180D8D1F31 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BA0768EA.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10046 |
Entropy (8bit): | 0.39625399248312637 |
Encrypted: | false |
SSDEEP: | 6:qTIuJzhqIABckGX0ZifLSmmH8VztFCrOHfuG8+fg+OpyQzAw8Mhyu1JlYDXkZaXT:qTp4ckTcSxH8d2GZfgGw1sue4ZaoQL |
MD5: | 12DC70B699AD09EE089F094EABA151BE |
SHA1: | 77197B2B8C6BE62E565B3B4AA872CDCF4F34F68C |
SHA-256: | 1CB4E92945112FF717660F6E298ABFCF730D623144848403BDC876FED7EF030E |
SHA-512: | E48B19AA1405A26F0C0B263FA3180438F4E2B52BC2C3EB7F8AEADF2D57EE85A8C80ACE7329F6F40B1B2000A003832D71D4D2587DC1D9EFFF129A17180D8D1F31 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{54C3BB41-4824-4D76-9814-5AB27D135E39}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 1.9040508325537 |
Encrypted: | false |
SSDEEP: | 12:rl3bn+qFgsRYnhHao22p0hCaiDvChWWQtKh44kjC10SNBtKh44kFn7iVjuai4CIw:rgH/pp0Z7hWWQtKhrLtKh4iNO8Rs |
MD5: | EE47AAD5E32A0B89C7A68F2D62FC4FE3 |
SHA1: | 3A91BE006987E0E6CA2A06B3390EEDFA1FC92FCE |
SHA-256: | 8887507803A2E6E06733F15C39BC224D82CE9355DE19790BFC29C6C5363FFA71 |
SHA-512: | 50CF40AAA68D1F77663E50E464FF11679DEA6D50AB9175E723C1D3E3E5508F29165E2E800BE4D1D79A56CFF3C011D930CC6918FE4C9DB8E6E3FDFD5D33C3DC91 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{99A334A3-9CCE-497E-9069-C0103D350D75}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 2.297626787151332 |
Encrypted: | false |
SSDEEP: | 12:YXHH3FlvtKh44gqI+zb1wuRjouQXemZFHXZ035ZEP:InHtKh5nuuqXfZRa3kP |
MD5: | FAE056EB8034239A8BB76CF27BA316D2 |
SHA1: | 33799DBEE29988E390F555AAAF29F3121547D4EC |
SHA-256: | 46A390F4B3A63A8D1324DF8FE943AC2DB2E81961A0888312EF7B7E6BB129792A |
SHA-512: | 353447AC2A51B8919CA1F3B468FDEEF5EADBE3FDFF771557D48B266C3DF70F5322084954565DC42EA59C0DAA24FFAAD147ED047287B9A5FE67D8938FA6CA8025 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F116EB59-8281-4971-8EDA-A57BD55E7891}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025663554541681895 |
Encrypted: | false |
SSDEEP: | 6:I3DPctHvxggLRViFz1qRXv//4tfnRujlw//+GtluJ/eRuj:I3DPCu6vYg3J/ |
MD5: | 358C2EE90CF743E44AC340A608A0D639 |
SHA1: | DD52A1838416FBC90785D43C1690EF3E938C9C0E |
SHA-256: | C0013D75C88E496EB9F2D2E518CA50B7DF71808A1983DBD9962FFCA2A986451C |
SHA-512: | 6A5B6D9FAB964544A94C71E2F1294627155F5C1C3B00051BA08B158A06F7C2C46F8E2E43B706C19611E0B059C6BAC770F40CB9C2C3C8B5631C9D8D893B389620 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025553961890493235 |
Encrypted: | false |
SSDEEP: | 6:I3DPcJB3N/NHvxggLRF31qFpB3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPwZN/ZZmpBRvYg3J/ |
MD5: | 757FB51249F13C7D7CF2E8A435D3A23D |
SHA1: | D81504934D1D56BB4EA9E8668782EDD13B5AAABE |
SHA-256: | 9F6B8B9F1C3E178D35127C4C8AF75FE2D681ECF3940D6C0FB68E317AE1C76268 |
SHA-512: | 0B9BBE263750C0E11C4BD9D431DBAD75A6C2E8FADBA481CD7521BFFCCADFC9FB37F779F3250873A86597EB19B9B89A39F3B1A60C9DF0EAA2BE5CBB05D79AB35C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.551296430094558 |
Encrypted: | false |
SSDEEP: | 12:8LR80gXg/XAlCPCHaXRBktB//GAEZX+W9DOjuicvbrqN64JNDtZ3YilMMEpxRljO:8Lek/XThO4ZeNeg9Dv3qmMu7D |
MD5: | C65B2B7A9557CDC19D21E4D991F9812A |
SHA1: | E559949AC9B95FF3B44D1B21A59B5A7168CB1509 |
SHA-256: | 424FD3DE8D9C7BB5B820F7A1957D693EBB7CA87725631354305B7FBA96B5C138 |
SHA-512: | AFBB5F64F319ADBE9D9C3E571F7B4A519DB8276D4DBB0898D670A87C55625FCC2A1DE328C482D690B158EB7B500A3CAD6C987CA7CB690E5ED12D44BD89FFF80E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.723328085908684 |
Encrypted: | false |
SSDEEP: | 3:bDuMJl4h6LBVomxWXmYh6LBVov:bCF6BV6N6BVy |
MD5: | 1E1C12B75E95D8C4BD23148E4A2288D8 |
SHA1: | 278413E8CFC60AB4EE8CCE2DAA6D551CF001C78D |
SHA-256: | BFBFB1A2D8168B3739C318EF769DE91B17CF827B2FF0AEF2B58013C0D17BDE94 |
SHA-512: | 0C5AB8E903D669C242031CB30990997965F3FDD3E98CCC38A70FD765788EC91D77DB5470F6597655C14601D41061FB3FDFD0782977D6EB779E95CE0848C04DF7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l |
MD5: | 7CFA404FD881AF8DF49EA584FE153C61 |
SHA1: | 32D9BF92626B77999E5E44780BF24130F3D23D66 |
SHA-256: | 248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7 |
SHA-512: | F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.716105973707646 |
TrID: | |
File name: | 0mvOExDB0u.docx |
File size: | 13980 |
MD5: | ba0bfeb5fe6552217f5dd46eaf365db2 |
SHA1: | 1f371d032ee40e1ff115f3d463246ab92b77e640 |
SHA256: | a849eb6768d0d38975faa5e2d0ad261e80468e3ec153e3511c41c86c7d58320b |
SHA512: | 96a241226deb38d1e0a87fe9dd3ffd26066af5c2fa0618011c1d8765451d84b3b3ce1cbb1480407330b17ab0c6536a2652d1b6ce79eedc0d21f7bd5f49506794 |
SSDEEP: | 384:I9+EqKDGs8Pt5RqC+XahG/tL7EEig385jsU+9c3toPsh5tGQI581hgaQ:kUCah0tLRfc3WP++xB |
TLSH: | 8E526C70C618A11AF38F5538C119039AF2A6498753C23B397E592364FA5F3C3AB72745 |
File Content Preview: | PK..........!.J..qf...(.......[Content_Types].xmlUT....C...C..ux................j.0.E.....6.J.(.....e.h...4NDeIH...w.;..4.M.1.3..3c..tW.d.!jgs6..,.+..v....sz....*a....!....j<.{...m.....s...J.3..R.p..H.a....b..f8...Y..)V.l2~.B..&O;.\..0.%.uc..3...R ....o)i |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 10:22:29.727519989 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:29.727571964 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:29.727643013 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:29.739470959 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:29.739531040 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.381345987 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.381658077 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.396342993 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.396378040 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.397021055 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.397164106 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.678561926 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.719372988 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.985897064 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.986017942 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:30.986051083 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.986083031 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.986401081 CEST | 49171 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:30.986413956 CEST | 443 | 49171 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.106261969 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.106331110 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.106471062 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.108634949 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.108668089 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.729034901 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.729317904 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.745069981 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.745137930 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.745790005 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:37.776681900 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:37.819430113 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:38.339445114 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:38.339561939 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:38.339672089 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:38.339729071 CEST | 49172 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:38.339754105 CEST | 443 | 49172 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:42.389955044 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:42.389995098 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:42.390104055 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:42.393033981 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:42.393057108 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.015925884 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.016022921 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.022638083 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.022651911 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.023180008 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.045002937 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.087368011 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.628778934 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.628856897 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.628931999 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.635086060 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.635117054 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:43.635149956 CEST | 49173 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:43.635157108 CEST | 443 | 49173 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:44.919738054 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:44.919780016 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:44.919867992 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:44.920417070 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:44.920438051 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:45.552894115 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:45.553268909 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:45.566783905 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:45.566831112 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:45.567609072 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:45.569916010 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:45.611463070 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:46.175451040 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:46.175620079 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:46.175700903 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:46.176309109 CEST | 49174 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:46.176330090 CEST | 443 | 49174 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.181730986 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.181785107 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.181859970 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.182157993 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.182188034 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.808624029 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.808806896 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.822031021 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.822077990 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.822885990 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:47.825006008 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:47.871371984 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:48.420911074 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:48.421030045 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:48.421329021 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:48.421981096 CEST | 49175 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:48.421994925 CEST | 443 | 49175 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:48.463387012 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:48.463448048 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:48.463552952 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:48.463743925 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:48.463761091 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.087546110 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.087704897 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.095005989 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.095043898 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.099301100 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.099315882 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.717793941 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.717967987 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.717983007 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.718009949 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.718065977 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.718065977 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.718080044 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.718092918 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.718120098 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.718136072 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.720236063 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.720875025 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.721376896 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.721450090 CEST | 443 | 49176 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.721486092 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.721524954 CEST | 49176 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.926815987 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.926872969 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:49.926994085 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.927782059 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:49.927812099 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:50.547621012 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:50.547818899 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:50.553981066 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:50.553998947 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:50.556613922 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:50.556628942 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:51.163744926 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:51.163829088 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:51.163882971 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.163898945 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.164016962 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.164033890 CEST | 443 | 49177 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:51.164052963 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.164113045 CEST | 49177 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.389579058 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.389621019 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:51.389678001 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.389844894 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:51.389853001 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.011904001 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.012231112 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.027689934 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.027714014 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.032118082 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.032129049 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.625180006 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.625247002 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.625304937 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.625314951 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.625405073 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.625417948 CEST | 443 | 49178 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.625436068 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.625458002 CEST | 49178 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.792094946 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.792131901 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:52.792181969 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.792463064 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:52.792474985 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:53.405052900 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:53.405199051 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:53.418107033 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:53.418128967 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:53.418683052 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:53.429302931 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:53.471389055 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.007282972 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.007489920 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.007671118 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.007702112 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.007716894 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.007739067 CEST | 49179 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.007747889 CEST | 443 | 49179 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.998347044 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.998414993 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:54.998500109 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.998752117 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:54.998768091 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:55.620981932 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:55.621074915 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:55.640280008 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:55.640337944 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:55.640863895 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:55.651923895 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:55.695377111 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:56.236006021 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:56.236073017 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:22:56.236212015 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:56.236454964 CEST | 49180 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:22:56.236485004 CEST | 443 | 49180 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:02.528203011 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:02.528265953 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:02.528382063 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:02.528625011 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:02.528647900 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.151737928 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.151837111 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.158900976 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.158921957 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.159615040 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.160787106 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.203380108 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.762170076 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.762285948 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.762366056 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.770157099 CEST | 49181 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.770185947 CEST | 443 | 49181 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.780930042 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.780972958 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:03.781061888 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.781284094 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:03.781296015 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:04.406238079 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:04.406431913 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:04.446022034 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:04.446059942 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:04.448426962 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:04.448452950 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.053831100 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.053966999 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.054049969 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.054069042 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.054161072 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.054184914 CEST | 443 | 49182 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.054202080 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.054260969 CEST | 49182 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.074152946 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.074212074 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.074304104 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.074568987 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.074587107 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.697005987 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.697241068 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.712575912 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.712596893 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:05.719937086 CEST | 49183 | 443 | 192.168.2.22 | 34.126.146.169 |
Aug 18, 2022 10:23:05.719949961 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:06.312954903 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Aug 18, 2022 10:23:06.313095093 CEST | 443 | 49183 | 34.126.146.169 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 18, 2022 10:22:29.609472990 CEST | 192.168.2.22 | 8.8.8.8 | 0xe245 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:36.884685040 CEST | 192.168.2.22 | 8.8.8.8 | 0x52a8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:36.997009039 CEST | 192.168.2.22 | 8.8.8.8 | 0xfc39 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:42.347714901 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:42.369672060 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:44.698024988 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:44.811660051 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:47.050482988 CEST | 192.168.2.22 | 8.8.8.8 | 0xe6e0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:47.071903944 CEST | 192.168.2.22 | 8.8.8.8 | 0x6703 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:52.662750959 CEST | 192.168.2.22 | 8.8.8.8 | 0xa1e7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:52.772412062 CEST | 192.168.2.22 | 8.8.8.8 | 0x50dd | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:54.954214096 CEST | 192.168.2.22 | 8.8.8.8 | 0x7820 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:54.976391077 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:23:02.473371983 CEST | 192.168.2.22 | 8.8.8.8 | 0x4c7a | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:23:02.510858059 CEST | 192.168.2.22 | 8.8.8.8 | 0x288a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 18, 2022 10:22:29.717694998 CEST | 8.8.8.8 | 192.168.2.22 | 0xe245 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:36.993660927 CEST | 8.8.8.8 | 192.168.2.22 | 0x52a8 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:37.105369091 CEST | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:42.366522074 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:42.388848066 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:44.807086945 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:44.918117046 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:47.067842960 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:47.180713892 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:52.769201040 CEST | 8.8.8.8 | 192.168.2.22 | 0xa1e7 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:52.791373014 CEST | 8.8.8.8 | 192.168.2.22 | 0x50dd | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:54.973300934 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:22:54.993453026 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:23:02.503618002 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:23:02.527656078 CEST | 8.8.8.8 | 192.168.2.22 | 0x288a | No error (0) | | | 34.126.146.169 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:30 UTC | 0 | OUT | |
2022-08-18 08:22:30 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49172 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:37 UTC | 0 | OUT | |
2022-08-18 08:22:38 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49181 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:23:03 UTC | 14 | OUT | |
2022-08-18 08:23:03 UTC | 14 | IN | |
2022-08-18 08:23:03 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49182 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:23:04 UTC | 15 | OUT | |
2022-08-18 08:23:05 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49183 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:23:05 UTC | 15 | OUT | |
2022-08-18 08:23:06 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49184 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:23:07 UTC | 16 | OUT | |
2022-08-18 08:23:07 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49173 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:43 UTC | 0 | OUT | |
2022-08-18 08:22:43 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49174 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:45 UTC | 1 | OUT | |
2022-08-18 08:22:46 UTC | 1 | IN | |
2022-08-18 08:22:46 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49175 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:47 UTC | 1 | OUT | |
2022-08-18 08:22:48 UTC | 1 | IN | |
2022-08-18 08:22:48 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49176 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:49 UTC | 2 | OUT | |
2022-08-18 08:22:49 UTC | 2 | IN | |
2022-08-18 08:22:49 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49177 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:50 UTC | 12 | OUT | |
2022-08-18 08:22:51 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49178 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:52 UTC | 13 | OUT | |
2022-08-18 08:22:52 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49179 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:53 UTC | 13 | OUT | |
2022-08-18 08:22:54 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49180 | 34.126.146.169 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:22:55 UTC | 14 | OUT | |
2022-08-18 08:22:56 UTC | 14 | IN | |
2022-08-18 08:22:56 UTC | 14 | IN |
Target ID: | 0 |
Start time: | 10:23:11 |
Start date: | 18/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f900000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |