Windows
Analysis Report
MuUeMZphCk.docx
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 764 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak | |
| | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is referencing an external target in dropper OOXML documents | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard | |
| | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard | |
| | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard | |
| | EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard | |
| | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security | |
Timestamp: | 01/30/23-16:38:59.237228 |
Source IP: | 195.201.110.47 |
Destination IP: | 192.168.2.22 |
SID: | 2036726 |
Source Port: | 443 |
Destination Port: | 49176 |
Protocol: | TCP |
Classtype: | Attempted User Privilege Gain |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Exploits |
---|
Source: | File source: |
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Networking |
---|
Source: | Snort IDS: |
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | File created: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Key opened: |
Source: | LNK file: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | File read: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 46% | ReversingLabs | Document-Word.Exploit.CVE-2022-30190 | |
| | 51% | Virustotal | | |
| | 100% | Avira | W97M/Dldr.Agent.G1 | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
| | 100% | Avira | JS/CVE-2022-30190.G | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 3% | Virustotal | | |
| | 0% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
baza-novostei.name | 195.201.110.47 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
195.201.110.47 | baza-novostei.name | Germany | | 24940 | HETZNER-ASDE | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 794514 |
Start date and time: | 2023-01-30 16:38:00 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | MuUeMZphCk.docx |
Detection: | MAL |
Classification: | mal96.expl.evad.winDOCX@1/20@7/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtQueryAttributesFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HETZNER-ASDE | 20 associated samples (names and hashes not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | 20 associated samples (names and hashes not extracted) | | malicious | | |
7dcce5b76c8b17472d024758970a406b | 20 associated samples (names and hashes not extracted) | | malicious | | |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28831879813621564 |
Encrypted: | false |
SSDEEP: | 96:KZLivvuJm3keI4sae13v9JvOvZeALMrgbHDrXJH/Xy329pkpBZcJvHa329pkpBZo:S4pOdvmRK4s4x |
MD5: | DA62F69125924684FAA121DBB4DE4FC2 |
SHA1: | 58CACD8128E436F9908644DD1BA81F0D16C30C8A |
SHA-256: | 13320D9D526F1D39E73C126AD3906F85B3E1554D04EE6D7901026CA129AE021C |
SHA-512: | 3066A9ECCD1E881A4CAEC41E34548A69B01F4536E4119A7C4FF2CEB51E7C26FBBAA80DC9566FC30FA9032182D91D5CB8BD8D82272DD15D0F8A5A7C2E9B50A391 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{74303997-B657-49E3-86A3-CDB672B97C40}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6723917104927228 |
Encrypted: | false |
SSDEEP: | 96:KACy8ohW4YPse21a5clDIVaoGjmmoEbAUoEbAOv52klKcEmA3ot5AA0bPn33//9n:PRhlYPse9KyV/GVRDRH52khWEYf9 |
MD5: | 5D3DB6D5B5E852B5E80860BF6C58C559 |
SHA1: | 302701752ED873B41D65156F690F837CF282F21E |
SHA-256: | 42EBD2452242BBB9053666C9886A5154DE7AB0BD89060E96ECDF32268566A8FC |
SHA-512: | ACA8DA284F967D161A2F39823694C7D7F5A60AEDA93E149428ABBCE2BD91085164232EDD15D081AF3E449A90128C2EDB90E480990D90B95437DF86479B6C8C31 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.961797847617582 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz8UW9HTXYD7WclkkLxHmRjl276:yPblzVW9k+UkqcRZ22 |
MD5: | CC66ED109FF8BF7F936B0164A1E2984F |
SHA1: | 789E0409A59BBD55E0A1BFEB522BA1B049D87A79 |
SHA-256: | 14F8B6013287B8AA0E919902E41D30115F915BF846F5ADCCC9D84F84BACC1E13 |
SHA-512: | 7C189C603BF1B94EABA9D9F8360D589EC4DFE283BB1E7ADC170E02A6368F3E2E7052C44E34122364C6932F8B825BA3D4D5F8F3698084ECE6F66D160B0E49C563 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28788979401335124 |
Encrypted: | false |
SSDEEP: | 48:I30fRBeLt97J5ltcMd56YKxwXPdlbxch7ruD52OjT456ivqB456ivq5H:K0fLg7jjqwXlNylITVmyVmuH |
MD5: | 698E6185D766EEAF0AA6306D4C2EA62A |
SHA1: | E8D99C070FB24914A9CBE59C5758C267B5182687 |
SHA-256: | 93B45BDED2216BAE615D02806108C2B64D4DC86B7F3CFA05E14105DF0BE7CF7C |
SHA-512: | 6C1A102BA7D608392CFCEE100C5D1AC5F450FBE8D62749B6348646F4E1829E43C0DA2A4722DA2518A1B930CBB25A054B656C48F06B83F474A6B8A32312B1595D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{DAAEA1DB-A9D3-4BCE-A00E-241717FE421B}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22210892012795055 |
Encrypted: | false |
SSDEEP: | 48:I3Sg3UrBjpzyF2ChhvPiRE0O3CFTAtkhDvLtM7JOeM7JO2:Kz3CjRydhAE0WkvXtoJOeoJO2 |
MD5: | 72A9F24FA21B0038AEB713CB6120691A |
SHA1: | E5E04F213DC78D81E20E38828257809FDD6C2847 |
SHA-256: | BB1CF9146FDE49E20F49A3675C0F40D73A50FE382E1CD803238424CAA80C3CB9 |
SHA-512: | 1C15DB398DC9659CADC1845A07BBFA26968E68A39734C4B38C4E27ABBC21A0246ABAA44625817952389F531899A632F8AACF809F62CD2E870D3F87E97CEC86E5 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.901668435580097 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz2bzGhkIe3kdV6s8TOaXOHYlLlZ276:yPblzCKne3kqs8TFeHYDZ22 |
MD5: | 85FE3E54F9BEAA55887F2553E20757A4 |
SHA1: | C04256BDD0C66CCB3588A9CA31C81AEF0B9D8B3A |
SHA-256: | 4B0C62EFA9EA80AE96E1F0703705400E339A590368747C89738A60940EFC2B95 |
SHA-512: | 9349BA612345F1CA913C7F1EF613FA10EEC8A5ADF90C4A1B6802B20FB9B725202DCF4F7E5BCC00FD7541D1EC170BD124B5AE9362F1AB7531A6EBB63FE4C1532B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\t[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 4.43530643106624 |
Encrypted: | false |
SSDEEP: | 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu |
MD5: | 4F8E702CC244EC5D4DE32740C0ECBD97 |
SHA1: | 3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF |
SHA-256: | 9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A |
SHA-512: | 21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F |
Malicious: | false |
Yara Hits: | |
Antivirus: | |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\t[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6336 |
Entropy (8bit): | 5.021080934873899 |
Encrypted: | false |
SSDEEP: | 192:/KiSe+1GPw6utZ7UPg9N2EFWeBKBZOJiQjtz:5U7/UPgP2Eb6IJZ |
MD5: | 12B73F8BAE89EB92C8CDA74269C2F69F |
SHA1: | EF4647A4DA8B76494E9F5CCC105D034134EBB419 |
SHA-256: | 5AB0198CE6E52F0691A5424278A549E5D4257BCD67735AD5EC2D2B273E6E6400 |
SHA-512: | D46D68E4AB253AC45046E7549D208B37EDAB31BC975906D7759A4DDEA7F2209C487E15CDC6C622785F0011A8DFBACBF3E7BFEA95585A20611C75D23472CCC536 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\t[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 4.43530643106624 |
Encrypted: | false |
SSDEEP: | 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu |
MD5: | 4F8E702CC244EC5D4DE32740C0ECBD97 |
SHA1: | 3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF |
SHA-256: | 9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A |
SHA-512: | 21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B0C92CD5.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6336 |
Entropy (8bit): | 5.021080934873899 |
Encrypted: | false |
SSDEEP: | 192:/KiSe+1GPw6utZ7UPg9N2EFWeBKBZOJiQjtz:5U7/UPgP2Eb6IJZ |
MD5: | 12B73F8BAE89EB92C8CDA74269C2F69F |
SHA1: | EF4647A4DA8B76494E9F5CCC105D034134EBB419 |
SHA-256: | 5AB0198CE6E52F0691A5424278A549E5D4257BCD67735AD5EC2D2B273E6E6400 |
SHA-512: | D46D68E4AB253AC45046E7549D208B37EDAB31BC975906D7759A4DDEA7F2209C487E15CDC6C622785F0011A8DFBACBF3E7BFEA95585A20611C75D23472CCC536 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F29C8AAB.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6336 |
Entropy (8bit): | 5.021080934873899 |
Encrypted: | false |
SSDEEP: | 192:/KiSe+1GPw6utZ7UPg9N2EFWeBKBZOJiQjtz:5U7/UPgP2Eb6IJZ |
MD5: | 12B73F8BAE89EB92C8CDA74269C2F69F |
SHA1: | EF4647A4DA8B76494E9F5CCC105D034134EBB419 |
SHA-256: | 5AB0198CE6E52F0691A5424278A549E5D4257BCD67735AD5EC2D2B273E6E6400 |
SHA-512: | D46D68E4AB253AC45046E7549D208B37EDAB31BC975906D7759A4DDEA7F2209C487E15CDC6C622785F0011A8DFBACBF3E7BFEA95585A20611C75D23472CCC536 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{FBAA5654-5D14-4878-BCFB-2CE5C11EE2EA}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 2.0883867069142816 |
Encrypted: | false |
SSDEEP: | 24:ruNK//zjb7FwNYg1Ky1KqiDE2/8u2oUFwNYg1Kg1KqZi7:ru4veNYvtqit7v5NYvvqZ |
MD5: | 590B07601415F1D20B9D8DF1F3290207 |
SHA1: | 385D509E9B8B490D23927752A84CF9BCE328B017 |
SHA-256: | 584220FA7DF12F57A3EE4E5602DD11ACA994B8BB3EF46FA819D258908691C9A3 |
SHA-512: | DD6CCE4121F0E0137440DEEBF52D4D7CC9A48B118C75A13A7C17765E52B494EDFE64B2B8B9F280E63411421E43C8016130F95307E02A752D3B368A242042F779 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{611D617C-89DE-47F7-979F-596893CFACC4}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.8333364598047724 |
Encrypted: | false |
SSDEEP: | 6:olgI5lNUJW9/O1KKKWkujJcPYB4PxZUtLimN:4tG1KKltJEZ4 |
MD5: | C9998821F542F790130D4250654012FE |
SHA1: | AB4CA8443BD5535C5C3FB64599299C2635EC394A |
SHA-256: | 3A6465A9158E9F0B51F150701110F8F9C639494FBA10A19466142AC5E4CDAF76 |
SHA-512: | FC7FBD1702A707033C5A2C5C2414767F6CC54B3FF7237FC59B314B26F86860247B6C89F6A6A3CE3F1BD0A0CD3D0DF0CE697510C11B97171897D65859CDE19AD5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{87D8FFE7-04E6-4C98-8E49-7EEE49FEBDC8}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025566439551804574 |
Encrypted: | false |
SSDEEP: | 6:I3DPcwz9C0/3FvxggLRnW8ctVEz3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPj9CIZLW0zRvYg3J/ |
MD5: | D8541EE8209C0790C7DB7D752993B728 |
SHA1: | 867905DB02054B4DB2514EBF6F57AE0E8EB345F0 |
SHA-256: | 22BAEA64A5FD08FC1D62B19F72BB8AEABED58A9A89FD57CE84DE2315C33FB6F1 |
SHA-512: | 83624927D95E795EB3AA2F0A6960C588C1E748F78CFC5403BAD9416FA9B5A0D8E18EE70B106B20CC99CB871E16753335DA6CB7671B89944C9B7BBDDD15833E31 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025440811431057704 |
Encrypted: | false |
SSDEEP: | 6:I3DPcV+w9HvxggLRrgsO+FRXv//4tfnRujlw//+GtluJ/eRuj:I3DPYp9PHTvYg3J/ |
MD5: | 661520ABBD6F539F4F1078C88FBE0FE4 |
SHA1: | D543A83CCD0CF2C3879F30CD2A632F3502EB2A23 |
SHA-256: | C920CE90D8D88B9CFDC096072F1102D1EC0C333182EAD1C688B4957CFDEFC83F |
SHA-512: | D90AF1C0A98E7FEB19E25E9C92A6C6D8354FADF119370B6F3D5F9B8D66AB404EEDE30EC37C439846F88740F5B41AA98AA3357EBD2CE819C536E16BDF44FB1447 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1019 |
Entropy (8bit): | 4.548181582713359 |
Encrypted: | false |
SSDEEP: | 12:8UN80gXg/XAlCPCHaXNBQtB/SxXX+WcY5itW0juicvbOdllz54qqVmNDtZ3YilMy:85k/XT9SUiZXNeq5zsUDv3q/u7D |
MD5: | 79E172BFC53379DE07E8580D55EEF81B |
SHA1: | CBD123829BA037B2EE561D4CC49DA58767D8ACE8 |
SHA-256: | 48313F54888B36603325A55956DB0E28C92AA56239AF94CC1AFEA91213A23530 |
SHA-512: | 8D2AE4963E0E51ED27890CDB03714DA14DED3EC55C29A2681FE0021CB899B396FD422E2EB7C58884BD10A13F2959E515606197499B81FD1FED2A03279326831B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.768980259211503 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlwQwtV0O9VomxWjDV0O9Vov:bC/59VQD59Vy |
MD5: | 3B4F0D70AFFDA7569F0C30A6B8CE8437 |
SHA1: | 9D183DF509C1C16E7665DD6D535269D63BF452A1 |
SHA-256: | CAB652AB0416F9CF4830AB4D0D81FB512466F6C53D2BC46712B4F234BAF85E5A |
SHA-512: | 1A6384392152B89D0B069E9734C4802A3C7FC776F219F1F23E3A4693FE75FEB09B58A50D72C5D19A47AD246461A9DC5E8AC89357D912EDFBA1355140A541B540 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll |
MD5: | D9C8F93ADB8834E5883B5A8AAAC0D8D9 |
SHA1: | 23684CCAA587C442181A92E722E15A685B2407B1 |
SHA-256: | 116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11 |
SHA-512: | 7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.711564536070913 |
TrID: |
|
File name: | MuUeMZphCk.docx |
File size: | 11537 |
MD5: | cda4155d33b715f31315a9247d56ed3d |
SHA1: | 7a495ae1b4c9132d0afb9b058e049cc71c5a5a55 |
SHA256: | 62243a041c28b5f98f0d29780250bf83e61a85523ddce855745f94d381006615 |
SHA512: | 6002e4fc8fab8178f49e30635fb7926326b516f56b3123e9b6e689231c25cb98486ac9367095ea32d45367d74f5401a2ce5ce934f324aa0ef209348e7273dcfc |
SSDEEP: | 192:bhM1fkUU8hdb8d9264wpl7Z/c+8poF1d3jvvtlhoGheNrGxjPOuaj81s:1mfkz8hdbg92hwRcfa7pr1laGANyxjPK |
TLSH: | 13325C37852A1C3CD61F4B34E23CC686E49A8647B11BBD9BB60097A2C6C39C82D79F45 |
File Content Preview: | PK.........A=V...lT... .......[Content_Types].xmlUT....o.c.o.cux................j.0.E.....6.J.(.....e.h...4NDeIh&...8NC)i.M.1.3..3...x].l..m....}....X?+...9.....F.....@1.]_.......c).D.^J.s...!..J.R.._.LF.?...M..+u...rj<.h...Z8.....%I.Pd.mc.U....Z....._).. |
Icon Hash: | e4e6a2a2a4b4b4a4 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/30/23-16:38:59.237228 | TCP | 2036726 | ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 30, 2023 16:38:53.394267082 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:53.417531967 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:53.417711973 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:53.417987108 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:53.441041946 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:53.441082954 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:53.441215992 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.687328100 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.710592031 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.710834980 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.711050987 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.734273911 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.734345913 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.735491037 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.735562086 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.735647917 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.747786045 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.747834921 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.852899075 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.853111029 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.864320993 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.864340067 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.864917040 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.939670086 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:54.957336903 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:54.957565069 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:55.070719957 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:55.070919991 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:55.119185925 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:55.119219065 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:55.142942905 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:55.143026114 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:55.143157005 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:55.143218994 CET | 49173 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:55.143240929 CET | 443 | 49173 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.790441036 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.813038111 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.813203096 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.813340902 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.836319923 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.836354017 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.836942911 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.836999893 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.837066889 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.838871956 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.838891983 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.902235031 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.902399063 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.914844036 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.914865017 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.915324926 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:58.952275038 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:58.952305079 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.003062010 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.003206968 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.003424883 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.003900051 CET | 49175 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.003942013 CET | 443 | 49175 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.042727947 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.045788050 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.064165115 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.064320087 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.078620911 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.078855991 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.096642971 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.096708059 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.096796036 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.101285934 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.101311922 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.152400017 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.152554035 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.173438072 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.173465014 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.173885107 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.173948050 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.204113960 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.204132080 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.237323046 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.237380981 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.237494946 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.237567902 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.237596989 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.239999056 CET | 49176 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.240031958 CET | 443 | 49176 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.282567024 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.309516907 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.309597969 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.310352087 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.310408115 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.310482979 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.310832024 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.310851097 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.363852024 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.363992929 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.380295038 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.380322933 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.382600069 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.382625103 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.445380926 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.445483923 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.445532084 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.445555925 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.445729017 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.445749998 CET | 443 | 49177 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.445766926 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.445866108 CET | 49177 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.451215029 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.474328041 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.474759102 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.507991076 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.531220913 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.594481945 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.594549894 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.594628096 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.594997883 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.595019102 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.647547960 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.647838116 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.659027100 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.659054995 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.659461975 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.667355061 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.667392969 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.731343985 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.731437922 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.731558084 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.731702089 CET | 49178 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.731734991 CET | 443 | 49178 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.743798971 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.744723082 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.754143000 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.754194021 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.767016888 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.767083883 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.776711941 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.776756048 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.776813984 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.777148962 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.777163982 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.827615023 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.827708960 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.834014893 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.834029913 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.836464882 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.836476088 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.912241936 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.912323952 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.912378073 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.912414074 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.936047077 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.936075926 CET | 443 | 49179 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.936090946 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.936152935 CET | 49179 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.948847055 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.972712994 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.972831011 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.973640919 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.973690033 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:38:59.973751068 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.974122047 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:38:59.974136114 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.023353100 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.023550987 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.041801929 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.041843891 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.044647932 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.044682026 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.107234001 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.107333899 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:00.107419968 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.107458115 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.107640982 CET | 49180 | 443 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:00.107657909 CET | 443 | 49180 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:08.835865974 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:08.835974932 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:08.836060047 CET | 49174 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:08.858820915 CET | 80 | 49174 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:09.531290054 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:09.531488895 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:09.531533003 CET | 49172 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:39:09.554629087 CET | 80 | 49172 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:09.972986937 CET | 80 | 49171 | 195.201.110.47 | 192.168.2.22 |
Jan 30, 2023 16:39:09.973182917 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Jan 30, 2023 16:40:50.137192965 CET | 49171 | 80 | 192.168.2.22 | 195.201.110.47 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 30, 2023 16:38:53.323796034 CET | 55868 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:53.352087021 CET | 53 | 55868 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:54.603615999 CET | 49688 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:54.626416922 CET | 53 | 49688 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:54.631133080 CET | 58836 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:54.685975075 CET | 53 | 58836 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:58.725426912 CET | 50134 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:58.769660950 CET | 53 | 50134 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:58.772041082 CET | 55275 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:58.789683104 CET | 53 | 55275 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:59.534842968 CET | 59915 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:59.557145119 CET | 53 | 59915 | 8.8.8.8 | 192.168.2.22 |
Jan 30, 2023 16:38:59.561460018 CET | 54408 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 30, 2023 16:38:59.584151030 CET | 53 | 54408 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 30, 2023 16:38:53.323796034 CET | 192.168.2.22 | 8.8.8.8 | 0x271 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:54.603615999 CET | 192.168.2.22 | 8.8.8.8 | 0x7509 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:54.631133080 CET | 192.168.2.22 | 8.8.8.8 | 0xdc0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:58.725426912 CET | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:58.772041082 CET | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:59.534842968 CET | 192.168.2.22 | 8.8.8.8 | 0xd768 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:59.561460018 CET | 192.168.2.22 | 8.8.8.8 | 0xe2ab | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 30, 2023 16:38:53.352087021 CET | 8.8.8.8 | 192.168.2.22 | 0x271 | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:54.626416922 CET | 8.8.8.8 | 192.168.2.22 | 0x7509 | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:54.685975075 CET | 8.8.8.8 | 192.168.2.22 | 0xdc0 | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:58.769660950 CET | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:58.789683104 CET | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:59.557145119 CET | 8.8.8.8 | 192.168.2.22 | 0xd768 | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Jan 30, 2023 16:38:59.584151030 CET | 8.8.8.8 | 192.168.2.22 | 0xe2ab | No error (0) | | | 195.201.110.47 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49173 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49175 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49176 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49177 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49178 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49179 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49180 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49171 | 195.201.110.47 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 30, 2023 16:38:53.417987108 CET | 0 | OUT | |
Jan 30, 2023 16:38:53.441082954 CET | 1 | IN | |
Jan 30, 2023 16:38:59.045788050 CET | 14 | OUT | |
Jan 30, 2023 16:38:59.078620911 CET | 15 | IN | |
Jan 30, 2023 16:38:59.282567024 CET | 28 | OUT | |
Jan 30, 2023 16:38:59.309516907 CET | 28 | IN | |
Jan 30, 2023 16:38:59.451215029 CET | 31 | OUT | |
Jan 30, 2023 16:38:59.474328041 CET | 31 | IN | |
Jan 30, 2023 16:38:59.743798971 CET | 37 | OUT | |
Jan 30, 2023 16:38:59.767016888 CET | 38 | IN | |
Jan 30, 2023 16:38:59.948847055 CET | 41 | OUT | |
Jan 30, 2023 16:38:59.972712994 CET | 41 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49172 | 195.201.110.47 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 30, 2023 16:38:54.711050987 CET | 1 | OUT | |
Jan 30, 2023 16:38:54.734345913 CET | 2 | IN | |
Jan 30, 2023 16:38:54.957336903 CET | 6 | IN | |
Jan 30, 2023 16:38:59.507991076 CET | 31 | OUT | |
Jan 30, 2023 16:38:59.531220913 CET | 31 | IN | |
Jan 30, 2023 16:38:59.754143000 CET | 38 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49174 | 195.201.110.47 | 80 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 30, 2023 16:38:58.813340902 CET | 8 | OUT | |
Jan 30, 2023 16:38:58.836354017 CET | 9 | IN | |
Jan 30, 2023 16:38:59.064165115 CET | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49173 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:55 UTC | 0 | OUT | |
2023-01-30 15:38:55 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49175 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:58 UTC | 0 | OUT | |
2023-01-30 15:38:58 UTC | 0 | IN | |
2023-01-30 15:38:58 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49176 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:59 UTC | 1 | OUT | |
2023-01-30 15:38:59 UTC | 1 | IN | |
2023-01-30 15:38:59 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49177 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:59 UTC | 7 | OUT | |
2023-01-30 15:38:59 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49178 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:59 UTC | 8 | OUT | |
2023-01-30 15:38:59 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49179 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:38:59 UTC | 8 | OUT | |
2023-01-30 15:38:59 UTC | 9 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49180 | 195.201.110.47 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-01-30 15:39:00 UTC | 9 | OUT | |
2023-01-30 15:39:00 UTC | 9 | IN |
Target ID: | 0 |
Start time: | 16:38:13 |
Start date: | 30/01/2023 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fe30000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |