Windows
Analysis Report
3BgX69C870
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1448 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak | |
| | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen | |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard | |
| | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard | |
| | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
| Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype |
|---|---|---|---|---|---|---|---|
| 08/18/22-10:45:08.539171 | 2027758 | 192.168.2.22 | 55275 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:45:02.957827 | 2027758 | 192.168.2.22 | 49688 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:45:02.979786 | 2027758 | 192.168.2.22 | 58836 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:45:11.469767 | 2027758 | 192.168.2.22 | 59915 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:44:56.070010 | 2027758 | 192.168.2.22 | 55868 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:45:11.508650 | 2027758 | 192.168.2.22 | 54408 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
| 08/18/22-10:45:08.507639 | 2027758 | 192.168.2.22 | 50134 | 8.8.8.8 | 53 | UDP | Potentially Bad Traffic |
AV Detection |
---|
Source: | Avira: |
Source: | Metadefender: | Perma Link |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Exploits |
---|
Source: | File source: |
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: |
Source: | File opened: |
Source: | TCP traffic: |
Source: | DNS query: |
Networking |
---|
Source: | Snort IDS: |
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | LNK file: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: |
Source: | Window detected: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 20% | Metadefender | | Browse |
| | 65% | ReversingLabs | Document-Word.Trojan.Leonem | |
| | 100% | Avira | W97M/Dldr.Agent.G1 | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ascota.cc | 50.31.246.2 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | true | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 50.31.246.2 | ascota.cc | United States | | 40509 | FLYUS | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 686208 |
Start date and time: | 2022-08-18 10:44:00 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 3BgX69C870 (renamed file extension from none to docx) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winDOCX@1/19@7/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- VT rate limit hit for: 3BgX69C870.docx
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| FLYUS | | | malicious | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 05af1f5ca1b87cc9cc9b25185115607d | | | malicious | Browse | |
| 7dcce5b76c8b17472d024758970a406b | | | malicious | Browse | |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.287309170602846 |
Encrypted: | false |
SSDEEP: | 24:I3vz5C4tB37gITt5YTznw5zIvD8eJRlp3q6RcBahzjo+NdyjuOrmklIW5CeilIgY:I3tRBWiaJ1cKokWI8g0HYUrJNggNg4H |
MD5: | E88B0DB57BD8675D626F241A6DE70B77 |
SHA1: | A905F7B1FE5C94F5EB3D065C6A0C45C310A324D4 |
SHA-256: | E0F862F742FB0A23119306427F50BC351CC9D4A75641B0A2D0EC223A2DA455C1 |
SHA-512: | 195184D3328417C698B187DCBEA9AFB3AE7EC87011E3D81F61F676D244FE6A43799680F309E1E9E58080BCA1C1BF2B88CDFCA8DF22E3EC0A7B82F3981EB3A572 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{18325489-8F7D-4DDB-A0BA-943F66DE838D}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.673737435800811 |
Encrypted: | false |
SSDEEP: | 96:KXCy678Rx3elt6r+EoGfv8hK8vf+futyAGM5pBJqBJIXfMDfM:s67xH6+GQM |
MD5: | 4E51082DA6651E300B6C91259223A9F5 |
SHA1: | 0FD415C74D18EBF8112CFDB8451CCB6152997D72 |
SHA-256: | 34FAB831A61A9FBEAA60DC7688ABEDA8B8CA3A89003B751CE1D12A57765E6BA1 |
SHA-512: | 46B38094A02D0478382190B76657A979812E1EA75F15634A62E26E6266AA3E0420E99742BD785272592D6E214124B5F9A53057AD259E13CBEDB6747473069CBB |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.92546706296779 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlzGhBl9WkH79S6n+SlIM79lkidhg276:yPblzK9WkUtSh7Eeg22 |
MD5: | 4F6DB96FDF66F7A6788031D2D5CC0232 |
SHA1: | D0F1CC860AFCAE629276405D2DA64E03F3982DB6 |
SHA-256: | CEC9440988E986CBA29C346683E7FF21BE973AB95A3D67DE7A77445B60FB9274 |
SHA-512: | C80F97898F4622EE5FFB8BF654524D2DC4AF8A25284EE0045509D6FA381EE798DBA3062A342C1811F26685876D81F6F53DC83FD69EC6863FA55A736DEFE993F5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28419277005313737 |
Encrypted: | false |
SSDEEP: | 48:I3xIqRBEnJ9LCFzEZ1O1zQ4YorOmLyQjNlrNja1l1KzF1xRLF1xR7H:KBLkfW9qazQQrOMjNp5+v+x9xdH |
MD5: | 64F56300F83EAAE5CB4770F023FD03A0 |
SHA1: | AE8D9FA45CBFBD8C1C1E3A26AEAD897AAB28CACB |
SHA-256: | 4D8512C5B86DC08807105EC85E96BBAE98A28727A7DF0D40DCCD72102F1768E7 |
SHA-512: | 9D5F629C1E2F871C424FB1511C8212FAD109276B083D24077FA92BBF2856126D39094A6FCD102A941A07298CD110607C9F2B715C67E940EB6457C08E2F9E826F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{1B7B41A5-9895-47A6-B199-1C3C2D73F38A}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2220402862857889 |
Encrypted: | false |
SSDEEP: | 48:I3bUrB4RxF1XOWUXC9YLZ0Fv6C6MYD+39Xoh6h9Xoh6L:KbC4RN+WUd+taMXWkXWQ |
MD5: | 656A91268490890538FDA8214268BD9D |
SHA1: | 93F9AD21F70617632CF7A28BADBFB5730244CED5 |
SHA-256: | BB7045980D9DED29076811A7B4A90A8ED256886DC75B646A271A3A8A82BE3B38 |
SHA-512: | 52C0DDE4984DFAF3D7EF2E7D3EBB3D51ABD0B7981482D6FF13AF319A0E49231AB41A7A864CBA32A17B72C8BDA8FC01763256F9D73C8CDD261A03482A1D800163 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9626738605132825 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz8IlR1eyQWRAOGyivlUMlZ+lsg276:yPblzrj16WHGyivlUMuz22 |
MD5: | 997672D88598225C3FA2F51B1E3BD35E |
SHA1: | D36469237EE014C361BE1D97F07B13097CB7BD55 |
SHA-256: | 245EDC20169C2604F500F382CCEC9105CA5E93E799F99E56823282A5FB672EEF |
SHA-512: | F3E08AF2F8A75E6196C2FC18A14846B5A0580A77FE3D690486497FD40DE9AF24880BDDDA641F47DF828972114DAE43A2FFAFAF6A2421E7F5A79D5DF89F631338 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\index[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 9436 |
Entropy (8bit): | 0.6237714669020853 |
Encrypted: | false |
SSDEEP: | 192:VBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffRz:d |
MD5: | FBDACF8FB5CCA0ABFED43223D32F89DD |
SHA1: | 72A038DF096C97FBF7514808D181D6AD356C5443 |
SHA-256: | 30FCFA7F6292D3D62578F625F181BE62A222B0E6EA20A469E27FC1B23B94DBAB |
SHA-512: | 21FE9482108179333D92A7EF3ED6F8C705B6DEC4A43BA5A36C7E30677215887620C466E189F4D0D74A0CC9CF0AF990ECF5F2D19A4126E5E118DF82F8213942A4 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
IE Cache URL: | https://ascota.cc/index.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\739101BE.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4988 |
Entropy (8bit): | 3.8049842046783233 |
Encrypted: | false |
SSDEEP: | 48:E3TN78sdBgLfVTped//HksYHGui3DAjG6kpnydHkgSu:E3Z7xBSTped//qH3i3DAq+EgSu |
MD5: | EB1198A6B05E17758FE7464367AD7D5F |
SHA1: | 933D38674C516990F9E65B2D30C5F88C47D594E0 |
SHA-256: | DF3CE08C1EEA90005CF71F477D1FE40E2A43C0FC826003A8C2263A275CDBCA5C |
SHA-512: | 98A2A83FBB9D6F8C04F77BACAD1EA0A70C7EDA90C8260125D77A162E5746DDCE850A89DEBE65222A7EE9F9CF01C4209EE3345A46C18787A67A3E366A4E75DD21 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\951D3BEA.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9436 |
Entropy (8bit): | 0.6237714669020853 |
Encrypted: | false |
SSDEEP: | 192:VBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffRz:d |
MD5: | FBDACF8FB5CCA0ABFED43223D32F89DD |
SHA1: | 72A038DF096C97FBF7514808D181D6AD356C5443 |
SHA-256: | 30FCFA7F6292D3D62578F625F181BE62A222B0E6EA20A469E27FC1B23B94DBAB |
SHA-512: | 21FE9482108179333D92A7EF3ED6F8C705B6DEC4A43BA5A36C7E30677215887620C466E189F4D0D74A0CC9CF0AF990ECF5F2D19A4126E5E118DF82F8213942A4 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB03D47C.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9436 |
Entropy (8bit): | 0.6237714669020853 |
Encrypted: | false |
SSDEEP: | 192:VBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffFfBffffRz:d |
MD5: | FBDACF8FB5CCA0ABFED43223D32F89DD |
SHA1: | 72A038DF096C97FBF7514808D181D6AD356C5443 |
SHA-256: | 30FCFA7F6292D3D62578F625F181BE62A222B0E6EA20A469E27FC1B23B94DBAB |
SHA-512: | 21FE9482108179333D92A7EF3ED6F8C705B6DEC4A43BA5A36C7E30677215887620C466E189F4D0D74A0CC9CF0AF990ECF5F2D19A4126E5E118DF82F8213942A4 |
Malicious: | true |
Yara Hits: |
Antivirus: |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{CAFD337F-CA0A-421A-962F-5A83F314B963}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5120 |
Entropy (8bit): | 2.0373587739224037 |
Encrypted: | false |
SSDEEP: | 24:r/aEK/OD5oeZU2eZUliy5oeZqioaZHkodSeZUliD:r/aRK5okLiy5o8Zl4Li |
MD5: | 59A7B83F205331057BEA523D3278CF97 |
SHA1: | 699F1642486E7B192C1EA3F43BC6B3C29E65B785 |
SHA-256: | 3F87C5353FAC6F858A4C09090326AD220E6968E5D0A1BF830C6F51157F8DA052 |
SHA-512: | EE9EBE72770A80954E9EFBA1A1E7CDD36BA5560FF6A97BEC887298DA16F7B26451CC856C1926A1DB9211AFF621B5BD8604976BE1BE8E6EB4EEF007C6C084B16F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{27621888-E8BB-4FE6-AECB-5EEE72734B15}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.7949885255254345 |
Encrypted: | false |
SSDEEP: | 6:FlIcElClbYeZlYDV5llAabK/W3RtF5GwPxZSuWg:Fl7MClceZiDV7XK8tRZSfg |
MD5: | 13E2E20732A6309682DD5C15F9F6D98A |
SHA1: | AD38FF2C76AD28A9A6F386079F685C4A907C48E8 |
SHA-256: | DC56243772C94E385579D36ACE9D7B6FEE2D2C3D32D1296568F3B3E351A5258E |
SHA-512: | C34D516516E8ED5F7F886513D8FEBA29A1D38ACAB252D9806286757F60CB451401AEEFD7A1E9FDDE31B2C992E1C8CC42C555372E024C9563F7AA357021274C6D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5F4EA255-C5EC-4225-B349-94755FC9E7B4}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025573008846209794 |
Encrypted: | false |
SSDEEP: | 6:I3DPc/G1r9f09HvxggLRxadxqg6cemRXv//4tfnRujlw//+GtluJ/eRuj:I3DP/1r98PY7LdeuvYg3J/ |
MD5: | 83775F54893895A78EFFE9F812647586 |
SHA1: | 7490E5AA0027EFB37EECBC531C50640B0EB337BE |
SHA-256: | F626D8232CDE87185CA591A1465567D1CA65545EEE48DEA9B348B5AC2B55E5F4 |
SHA-512: | 6DDF39709B9EE0C06B5419030EF131A90F87524C0404B92D147B6FCEFC691E7FD566AC285FB86EA0F87AD15B6EF361D230F2D22F0CB9FA16E6A64AB56D0535D3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02562727762897618 |
Encrypted: | false |
SSDEEP: | 6:I3DPc40vAg9HvxggLRzStnuVq/DRXv//4tfnRujlw//+GtluJ/eRuj:I3DPR4Pfsaq9vYg3J/ |
MD5: | 6EE917386A8FA5D27D420C50459CA68B |
SHA1: | 925B897B79026C15EB7ECC5F665D5405E0AE3F4B |
SHA-256: | FC7C7F5A5DF336010466652E52A13390B83E626E2DA3BE7993A1A003566068F5 |
SHA-512: | 0A0C450E857EF5E15F5AF2B868ACA4D115D8CCF57C84858E0AEB6FF2EC319B9EBC7EC306EB06E573A55CB725D73A0A9E4EE24EB712A1304FBBF388E276E4879E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.555225279433788 |
Encrypted: | false |
SSDEEP: | 12:8zec80gXg/XAlCPCHaXBKBnB/wAuX+WB+8lcRAjuicvbIn54FRKNDtZ3YilMMEpS:8zek/XTRKJ8z+8lOUNeUnmODv3qc4u7D |
MD5: | C6AFCFF431D2AD77DBD16B768CA7A5D3 |
SHA1: | 7D4958E0A91002B859737C73111F496376935119 |
SHA-256: | 1F8BFA4304CA8986F5FED27006B34A414307240AFD9C9EEE37A95A317E3D31A1 |
SHA-512: | 94B26E8FC8E44B014278905CC264819776E2DBF974542674EA721D388377E6AE61E42EFBDD90B4ECCFA596748912252AE8010D7BF9BE12736EF2F790EBEEFFD8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.862798141185997 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlI+TXdSemxWYxXdSev:bCd+8 |
MD5: | 5DD5FC2ECB0B586CBAD963A7F61B53DF |
SHA1: | EF9B7CB148FD107EF933A72170AD667EC7247051 |
SHA-256: | AA4697402C69F0571055F140707E6B800F70222BB9A960EC96C3D841E7F35B9B |
SHA-512: | 9EBFD526875123116426D7619E9317E359E936CD99FCD033189DD8179B8A9FB97113384DD940DB07449F26CFE308707A8C473B5E97F448352D1907CF4F2600EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.747336678011937 |
TrID: |
File name: | 3BgX69C870.docx |
File size: | 15283 |
MD5: | d805b55d60f9ca73ae71ed68ff692175 |
SHA1: | 947691dbba33dfeb974babcb43d3ceb7991dae29 |
SHA256: | 6a0acf2389d95abc590c8b6a327521312c4de176efce271468817c840745a096 |
SHA512: | 940890f2ad0ba703105b7a18ddef885a11d1930feeea92e554c9734c25784fd4038d4eb43513670ee50f4db3afc7190d92491442075ea58093780570ab9fea40 |
SSDEEP: | 384:e4v4JzIBKmyE084Uv4+dMCl0lnlOM003S7:hvAzIBFyEf5v4+AnXo |
TLSH: | 6A629E34CC06BC29C51F233C31EA1791FEF8688251A48219F9F805DD5CAE6575B3ABAD |
File Content Preview: | PK..........!..l.$l...........[Content_Types].xml...n.0.E......(1tQU..E...T...=..~.6....PT!h...H......L...*[..........p+....m....,Df.S.@I...pp}.......&.d....4..h....`..^...~J...l.........&.1y.A..j6W1{Z......d.M_.*.sNI.".......... ,.k..V..z...=......:...T9 |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
08/18/22-10:45:08.539171 | UDP | 2027758 | ET DNS Query for .cc TLD | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:45:02.957827 | UDP | 2027758 | ET DNS Query for .cc TLD | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:45:02.979786 | UDP | 2027758 | ET DNS Query for .cc TLD | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:45:11.469767 | UDP | 2027758 | ET DNS Query for .cc TLD | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:44:56.070010 | UDP | 2027758 | ET DNS Query for .cc TLD | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:45:11.508650 | UDP | 2027758 | ET DNS Query for .cc TLD | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
08/18/22-10:45:08.507639 | UDP | 2027758 | ET DNS Query for .cc TLD | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 10:44:56.110918999 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.110989094 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.111056089 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.127644062 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.127667904 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.204488039 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.204626083 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.216613054 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.216628075 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.216963053 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.217036009 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.559472084 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.603377104 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.907156944 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.907228947 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.907248974 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.907290936 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.907299042 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.907334089 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.907345057 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.907412052 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.907958031 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.907973051 CEST | 443 | 49171 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:44:56.908071995 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:44:56.908097982 CEST | 49171 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.009675026 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.009707928 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.009780884 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.010154009 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.010165930 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.070147038 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.070317030 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.082806110 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.082834959 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.083210945 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.106344938 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.147375107 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.312668085 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.312817097 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.312953949 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.313256025 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.313282013 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:03.313358068 CEST | 49172 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:03.313371897 CEST | 443 | 49172 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.559432030 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.559464931 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.559551954 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.562249899 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.562268019 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.620413065 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.620532990 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.630100012 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.630115032 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.631015062 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.659550905 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.703385115 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.936106920 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.936254025 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.936328888 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938308954 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938348055 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.938364029 CEST | 49173 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938375950 CEST | 443 | 49173 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.938580990 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938620090 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.938694000 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938838959 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.938848972 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.997056007 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.997695923 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.997721910 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:08.999399900 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:08.999416113 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.222035885 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.222213984 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.222305059 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.222534895 CEST | 49174 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.222562075 CEST | 443 | 49174 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.222976923 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.223023891 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.223114967 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.223396063 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.223412991 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.281143904 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.282186031 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.282212973 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.283631086 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.283643007 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.489491940 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.489728928 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.489875078 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.490319967 CEST | 49175 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.490341902 CEST | 443 | 49175 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.490752935 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.490807056 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.490891933 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.491179943 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.491202116 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.548535109 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.548935890 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.548962116 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.549851894 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.549870968 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.734992027 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.735234022 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.735497952 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.736270905 CEST | 49176 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.736301899 CEST | 443 | 49176 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.779505014 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.779555082 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.779746056 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.780205011 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.780221939 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.836461067 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.836708069 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.850028992 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.850055933 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:09.853773117 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:09.853797913 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074111938 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074199915 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074202061 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.074220896 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074284077 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.074294090 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074309111 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074337959 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.074347019 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.074354887 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.074388981 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.075748920 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.075824976 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.075858116 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.075969934 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.077833891 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.077857018 CEST | 443 | 49177 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.077864885 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.077967882 CEST | 49177 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.293340921 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.293385983 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.293483973 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.294291973 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.294312954 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.349548101 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.349668980 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.357033968 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.357053995 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.360637903 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.360646009 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.573194981 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.573323965 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.573463917 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.573813915 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.573843956 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.573865891 CEST | 443 | 49178 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.573914051 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.573940992 CEST | 49178 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.785244942 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.785288095 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.785352945 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.785614014 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.785624981 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.839936972 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.840070009 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.847382069 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.847408056 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:10.851104021 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:10.851126909 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.139723063 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.139847040 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.139909983 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.139930964 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.140275955 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.140295029 CEST | 443 | 49179 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.140311956 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.140391111 CEST | 49179 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.147294998 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.147339106 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.147430897 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.147699118 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.147721052 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.203635931 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.203808069 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.222867966 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.222898006 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.226602077 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.226632118 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.402895927 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.403162956 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.403194904 CEST | 443 | 49180 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.403280020 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.403753042 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.403806925 CEST | 49180 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.535923004 CEST | 49181 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.535960913 CEST | 443 | 49181 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.536061049 CEST | 49181 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.549046040 CEST | 49181 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.549067974 CEST | 443 | 49181 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.608119011 CEST | 443 | 49181 | 50.31.246.2 | 192.168.2.22 |
Aug 18, 2022 10:45:11.608243942 CEST | 49181 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.617646933 CEST | 49181 | 443 | 192.168.2.22 | 50.31.246.2 |
Aug 18, 2022 10:45:11.617681026 CEST | 443 | 49181 | 50.31.246.2 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 18, 2022 10:44:56.070009947 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:44:56.098654032 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:02.957827091 CEST | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:02.976468086 CEST | 53 | 49688 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:02.979785919 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:03.008815050 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:08.507638931 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:08.536362886 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:08.539170980 CEST | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:08.558255911 CEST | 53 | 55275 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:11.469767094 CEST | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:11.503859043 CEST | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Aug 18, 2022 10:45:11.508650064 CEST | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 18, 2022 10:45:11.534944057 CEST | 53 | 54408 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 18, 2022 10:44:56.070009947 CEST | 192.168.2.22 | 8.8.8.8 | 0x245a | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:02.957827091 CEST | 192.168.2.22 | 8.8.8.8 | 0xdf20 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:02.979785919 CEST | 192.168.2.22 | 8.8.8.8 | 0x25b4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:08.507638931 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:08.539170980 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:11.469767094 CEST | 192.168.2.22 | 8.8.8.8 | 0xc2a1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:11.508650064 CEST | 192.168.2.22 | 8.8.8.8 | 0xcdf9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 18, 2022 10:44:56.098654032 CEST | 8.8.8.8 | 192.168.2.22 | 0x245a | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:02.976468086 CEST | 8.8.8.8 | 192.168.2.22 | 0xdf20 | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:03.008815050 CEST | 8.8.8.8 | 192.168.2.22 | 0x25b4 | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:08.536362886 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:08.558255911 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:11.503859043 CEST | 8.8.8.8 | 192.168.2.22 | 0xc2a1 | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Aug 18, 2022 10:45:11.534944057 CEST | 8.8.8.8 | 192.168.2.22 | 0xcdf9 | No error (0) | | | 50.31.246.2 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:44:56 UTC | 0 | OUT | |
2022-08-18 08:44:56 UTC | 0 | IN | |
2022-08-18 08:44:56 UTC | 0 | IN | |
2022-08-18 08:44:56 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49172 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:03 UTC | 0 | OUT | |
2022-08-18 08:45:03 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49181 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:11 UTC | 16 | OUT | |
2022-08-18 08:45:11 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49182 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:11 UTC | 17 | OUT | |
2022-08-18 08:45:12 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49183 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:12 UTC | 18 | OUT | |
2022-08-18 08:45:12 UTC | 18 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49184 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:12 UTC | 18 | OUT | |
2022-08-18 08:45:12 UTC | 18 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.22 | 49185 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:12 UTC | 19 | OUT | |
2022-08-18 08:45:13 UTC | 19 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49173 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:08 UTC | 1 | OUT | |
2022-08-18 08:45:08 UTC | 1 | IN | |
2022-08-18 08:45:08 UTC | 1 | IN | |
2022-08-18 08:45:08 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49174 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:08 UTC | 2 | OUT | |
2022-08-18 08:45:09 UTC | 2 | IN | |
2022-08-18 08:45:09 UTC | 2 | IN | |
2022-08-18 08:45:09 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49175 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:09 UTC | 2 | OUT | |
2022-08-18 08:45:09 UTC | 3 | IN | |
2022-08-18 08:45:09 UTC | 3 | IN | |
2022-08-18 08:45:09 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49176 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:09 UTC | 3 | OUT | |
2022-08-18 08:45:09 UTC | 3 | IN | |
2022-08-18 08:45:09 UTC | 4 | IN | |
2022-08-18 08:45:09 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49177 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:09 UTC | 4 | OUT | |
2022-08-18 08:45:10 UTC | 4 | IN | |
2022-08-18 08:45:10 UTC | 5 | IN | |
2022-08-18 08:45:10 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49178 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:10 UTC | 14 | OUT | |
2022-08-18 08:45:10 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49179 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:10 UTC | 15 | OUT | |
2022-08-18 08:45:11 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49180 | 50.31.246.2 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-18 08:45:11 UTC | 15 | OUT | |
2022-08-18 08:45:11 UTC | 15 | IN | |
2022-08-18 08:45:11 UTC | 16 | IN |
Target ID: | 0 |
Start time: | 10:44:15 |
Start date: | 18/08/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f8e0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |