Windows
Analysis Report
Shipping Document.docx.doc
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 3260 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | HTTPS traffic detected: | ||
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | DNS query: | ||
Source: | TCP traffic: | ||
Source: | JA3 fingerprint: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Word Document stream: | ||
Source: | OLE document summary: | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | LNK file: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | File opened: | Jump to behavior |
Source: | Extracted files from sample: |
Source: | Section loaded: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Stream path '_1788917966/Package' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 14 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a8s.app | 34.93.135.146 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
34.93.135.146 | a8s.app | United States | 15169 | GOOGLEUS | false |
104.168.32.148 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520408 |
Start date and time: | 2024-09-27 10:52:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Shipping Document.docx.doc |
Detection: | MAL |
Classification: | mal56.evad.winDOC@1/17@7/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Shipping Document.docx.doc
Match | Detection | Threat Name |
---|---|---|
104.168.32.148 | malicious | Cobalt Strike, Remcos, PureLog Stealer |
104.168.32.148 | malicious | Remcos, PureLog Stealer |
Match | Detection | Threat Name |
---|---|---|
AS-COLOCROSSINGUS | malicious | Snake Keylogger |
AS-COLOCROSSINGUS | malicious | PureLog Stealer |
AS-COLOCROSSINGUS | malicious | Unknown |
AS-COLOCROSSINGUS | malicious | Snake Keylogger |
AS-COLOCROSSINGUS | malicious | Unknown |
AS-COLOCROSSINGUS | malicious | Unknown |
AS-COLOCROSSINGUS | malicious | Remcos |
AS-COLOCROSSINGUS | malicious | Unknown |
AS-COLOCROSSINGUS | malicious | Unknown |
AS-COLOCROSSINGUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger |
05af1f5ca1b87cc9cc9b25185115607d | malicious | PureLog Stealer |
05af1f5ca1b87cc9cc9b25185115607d | malicious | FormBook |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Remcos |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Remcos, PureLog Stealer |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger, VIP Keylogger |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger, VIP Keylogger |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger, VIP Keylogger |
05af1f5ca1b87cc9cc9b25185115607d | malicious | Snake Keylogger, VIP Keylogger |
7dcce5b76c8b17472d024758970a406b | malicious | Unknown |
7dcce5b76c8b17472d024758970a406b | malicious | Snake Keylogger |
7dcce5b76c8b17472d024758970a406b | malicious | PureLog Stealer |
7dcce5b76c8b17472d024758970a406b | malicious | Unknown |
7dcce5b76c8b17472d024758970a406b | malicious | FormBook |
7dcce5b76c8b17472d024758970a406b | malicious | Snake Keylogger |
7dcce5b76c8b17472d024758970a406b | malicious | Unknown |
7dcce5b76c8b17472d024758970a406b | malicious | ScreenConnect Tool |
7dcce5b76c8b17472d024758970a406b | malicious | ScreenConnect Tool |
7dcce5b76c8b17472d024758970a406b | malicious | Unknown |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.02548736447874091 |
Encrypted: | false |
SSDEEP: | 6:I3DPcuyavxggLR/eIFOgXmY/RXv//4tfnRujlw//+GtluJ/eRuj:I3DP+cSetRvYg3J/ |
MD5: | ED820DBA4CB1B47F858652B4627047F1 |
SHA1: | 5F0528FE37D7B6BB83F17C9660B13721FE90E705 |
SHA-256: | F2FA34E6E2DA47F7265DCEA9EC6AF4BA45E1FF3989B7F89D581C618D09222A97 |
SHA-512: | 149E0372C331D293772AC34DFA7607AD1DFA21F6A53726068449580884283FA3A694BB63FE7D60EBF40214AD085A0B89CCA561B03D5B64BE789D7B356F6B447A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4E4FA525.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 349384 |
Entropy (8bit): | 3.7205669439027447 |
Encrypted: | false |
SSDEEP: | 1536:6VPpZD+Jb5qGYJ6OoG+RJ2dB9eJb85eKJBFgcxSoigiP/l5K:kPpZD+JbBYJhkRJiTeJI8KJcs/ibY |
MD5: | B26BA61E488C67CF430B2BD98AB68F35 |
SHA1: | 7505989C3DC3C0687607B83EEBB87299A5C6E134 |
SHA-256: | BCE0A286BCED2FBEFF65E8AC01C417689E1053DACBA3BA473A3350ACC3AFDE01 |
SHA-512: | 1925F250855CFBAF9012D3A0DB5A2EBD810A115BEF2350EC6BE69B5F8FD83525A36A73243B26003CEDADF1A818B1AD832B2C6A1E53F59030A6253A198E5FEB28 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A35D55BF.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131176 |
Entropy (8bit): | 5.204306047983803 |
Encrypted: | false |
SSDEEP: | 1536:xUdPLy2SBWhpEwBurp2TaSDzXDED27JDbkPPnPPJ994wpvPPftOrPWjTPlfo5Z8W:y1Ly2SWhpnB+p2BEf9hpHf4 |
MD5: | 3A8DA5B76D6B5312D055CAF09F894D6C |
SHA1: | F045D2B3B4A87C48AD1FF3A79D15B536FA8DA863 |
SHA-256: | 601C0BD78909A01152A7A697AF54EA37B90D893DDAD21CDC55B5D7DE12ED156C |
SHA-512: | 875EFE26D32189FDDA5CFB491CA021D55BE00879DB150F0CFF18ED5C15F8EC5EF61B0B3A56D68469940A347CEF8D731AD99DBFC7DE562E3740F18E23AAE9153A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D67520E2.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 29568 |
Entropy (8bit): | 2.694730513877487 |
Encrypted: | false |
SSDEEP: | 192:TV4bOGk6x9A3Yk2rxkZ+PpEdCuhcvf/H+EJ8jQ7TpisUJ5cXu:TaSGk6x9A3Yk2r/O0z/Du |
MD5: | 3661FC2009882CD720EAD67DF45EFF03 |
SHA1: | BC65677C7DEC5624D95B25E65A2933A0C73541F6 |
SHA-256: | C475A3541E4CA355AE7329D826A5F9635B5ECC7B7A3A8A5476E16C24E83F1D1C |
SHA-512: | 9C1D163F366E512C499187CE31EA5CBBEB2467DE80BAD417A8B38870D5B368165E8A36DC1456B030504057FF174ECF88CFCFEC600A75398EFA3898F71B92DDE3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB8E74B4.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 38272 |
Entropy (8bit): | 2.8972116743873406 |
Encrypted: | false |
SSDEEP: | 384:6/pfn/MU21l14GtX2MQsRCNa6gz5XOyJ1/:Ufn/MU2lCMQZeb |
MD5: | 6406F6DAC2E95FB4970C4F9BF5A95EBF |
SHA1: | 6332B1626377DF9B712AD997AB5A8C6C440442C8 |
SHA-256: | 2A29434A2B22B9BEB23F1E1F4146F8F400CFDEF8C2799AC8D328B20D7A1B0D00 |
SHA-512: | A2123510E53D4F4AF0CAF15F21F5917A82FB6F6A672082A993C43A0D943EDDE02769DE564C4A1946D83EFAF008F9CAAECCBB0D90594C77BBC99A60A379CBE335 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{F999A813-F242-43C2-AE8B-2164A426237D}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 342016 |
Entropy (8bit): | 5.661376162495788 |
Encrypted: | false |
SSDEEP: | 6144:YDq46SR3W/bqyY3PuARW8KgEdzZ+RwPONXoRjDhIcp0fDlavx+W26n7:8q4ZRmTc328ZEdj |
MD5: | A234B4AD9D370F2B42D17097DE27CE42 |
SHA1: | 00C3A173BFA7F254818DF706F1DF8288AC171AB6 |
SHA-256: | 9E466E9A99622DD43D999748774637C1BE19DE9B99DE513F097A09373FA5E3E4 |
SHA-512: | EE74CC24229A3DE4373100CD55770E1B11AEDDF7920595B34EE3C81230D755B7B2C7A27DADC077684DC054EC176E5217D0BB333D6FDB7151343E0BF678D4C7EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4FE2B8A1-7A31-4D8B-80B3-3560F3E0FB88}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 3.425390699073594 |
Encrypted: | false |
SSDEEP: | 24:In3slMb8j9jK+KAGG/gk6Pp0p+lUU/L4DZO1:Icl48jT/t6xYa3zG8 |
MD5: | 182E9DDF85D79FA12C12281637013BBA |
SHA1: | DCDA29CADA94D1E0A967D48157A55069BF4C2ED0 |
SHA-256: | 772C7559679E95A04CE9146EABB6B20E3EBBF51CDADDFDEDFA25969960E99750 |
SHA-512: | 65F1AF683D5DE6F2F867A06961C578DD79CFBCE18B1149C4F9098F3D08E5B089A6EAD01311E25B47A4CD842BC63590C4E37F1A87A7A9E910B8D006D9877ECFB8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{79F8DF0A-CDD6-46CE-B8C0-3C3580ADD1C2}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025631017748877247 |
Encrypted: | false |
SSDEEP: | 6:I3DPcHhi9vxggLRRGP1NlY7a+DRXv//4tfnRujlw//+GtluJ/eRuj:I3DPwhiRMtNlYZ1vYg3J/ |
MD5: | C9093CF3A83C04C263DB029011258B43 |
SHA1: | 738E387BFFA2CE74EA76F1143C032B8778C08A8B |
SHA-256: | 502DC77468E512E4DF3D882F3E700674BB88F96FD9E9412B0FC1227B6D421778 |
SHA-512: | 55CE9C848A41C2248D456DF30083ABF71213E75A4D32998591AE4D07BB866553EA9DD0C63611A30E1A25ACDA1C0C60F171046621713CDD277F1DE1C2E096BF60 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1074 |
Entropy (8bit): | 4.585776429106233 |
Encrypted: | false |
SSDEEP: | 12:8e7X7wC9gXg/XAlCPCHaXJBkB/qPX+WEGbZIcNXXZ6icvbriZ11WDtZ3YilMMEpY:8e7X7wG/XTZm4NbZpZRevaWDv3qV57u |
MD5: | 7A67857596D0F48B59DEE009413F6C8E |
SHA1: | 1752015B0DD3A7C61BCA4696E7425BC962C12F71 |
SHA-256: | BB7320A0FBD633AD284F7B3D5F7932416F87AF815DD1EED03A9C761510F9ABBC |
SHA-512: | A95D6F2C702ADCAFBA75D5AE791039FBAEB2D73326CD693C46247F090B4FEAC5AEAFFE1F78828424982FC2235A352B4CE8ED35D77D68551A0F12CAC432F34EA9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 78 |
Entropy (8bit): | 4.748552180645232 |
Encrypted: | false |
SSDEEP: | 3:M1qME2F3Cl1fpSm4CN2F3Cl1fpSv:McNrnfpvNrnfpc |
MD5: | 6CD2AEF29AE6DE1ED72F3BE650A315CA |
SHA1: | 53409F29C0C46DB68BC3C958D9723116729DDACC |
SHA-256: | 03C1C89061CAE4674DD7FF4F4CE79331B76DDC97516E865FED98611356874C85 |
SHA-512: | 5502D1081FDA24D5C2271126EB196BA22340C92FDAFBE968C41746D3FE837B2AF49743EC8C2993A7697864A25782576176C421BA7A0B8361846008730688D591 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 283345 |
Entropy (8bit): | 7.937102107342555 |
Encrypted: | false |
SSDEEP: | 6144:a5f/nwsFZDq46SR3W/bqPa9Mnz+16taGQH8LW8KgEdDn:yHwsFBq4ZRmTRUiUtaGQHMZEdj |
MD5: | DEAE5AAA4319B5E1F3F036F982D7E118 |
SHA1: | A997D269F2F1B49798DD711E251FADCCF61BF4CB |
SHA-256: | DCFFA1B3AD6121AAAE524374A48909F88290B01AEE1A234BF47923D568B3B70B |
SHA-512: | 425175E1943EC8A428ABBBDA5F0C4002869CFEC2A8CD4F5C3FCD359107AC36B0D0A09298D8FA9F9FDA7B6464167B9DFC40D06BCD2941C056D927B218D9DF834C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.992080836401171 |
TrID: |
|
File name: | Shipping Document.docx.doc |
File size: | 245'915 bytes |
MD5: | 0aa21e3880e6016cf48e0c0c38c5f753 |
SHA1: | 0a36f40ff304c0450b8ae22a0444fa8e5e70dd18 |
SHA256: | 0b8b68f159995d4c24fd93e6f3f8efc5ab6716e99219a248b44e92e15af393d6 |
SHA512: | 01797f1f42686a16545830f8cf5b5cba83aa140c6869a844f751fceda3cef47295b555baf44979796143eb1832bc33e784208a47eab1b637ba89aa79e93907d5 |
SSDEEP: | 6144:0OzxXgnq4jvMt8sn2gOQGpMTdgPxB3oYL+kI:fxyqrtt2FBep++kI |
TLSH: | 553422FD9660C01DD20719F660DB5A3CF3242D43E213AE9586BDCB5AE9FE36B0293641 |
Icon Hash: | 2764a3aaaeb7bdbf |
Document Type: | OpenXML |
Number of OLE Files: | 2 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | 91974 |
Keywords: | |
Template: | |
Last Saved By: | 91974 |
Revision Number: | 3 |
Total Edit Time: | 2 |
Create Time: | 2024-09-26T01:48:00Z |
Last Saved Time: | 2024-09-26T05:09:00Z |
Number of Pages: | 1 |
Number of Words: | 0 |
Number of Characters: | 0 |
Creating Application: | |
Security: | 0 |
Document Code Page: | 1252 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
General | |
Stream Path: | \x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.5689955935892812 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x3EPRINT |
CLSID: | |
File Type: | Windows Enhanced Metafile (EMF) image data version 0x10000 |
Stream Size: | 21580 |
Entropy: | 3.0393032842947503 |
Base64 Encoded: | False |
General | |
Stream Path: | \x3ObjInfo |
CLSID: | |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.2516291673878228 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | 00 00 03 00 01 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 232 |
Entropy: | 2.9685690292673397 |
Base64 Encoded: | False |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 19764 |
Entropy: | 2.996429694336596 |
Base64 Encoded: | True |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 14441 |
Entropy: | 4.452733703590153 |
Base64 Encoded: | True |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | 91974 |
Keywords: | |
Template: | |
Last Saved By: | 91974 |
Revision Number: | 3 |
Total Edit Time: | 2 |
Last Printed: | 2024-06-09 14:15:36 |
Create Time: | 2024-09-26T01:48:00Z |
Last Saved Time: | 2024-09-26T05:09:00Z |
Number of Pages: | 1 |
Number of Words: | 0 |
Number of Characters: | 0 |
Creating Application: | |
Security: | 0 |
Document Code Page: | 1252 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
General | |
Stream Path: | \x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.5689955935892812 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x3EPRINT |
CLSID: | |
File Type: | Windows Enhanced Metafile (EMF) image data version 0x10000 |
Stream Size: | 31524 |
Entropy: | 3.192763011057055 |
Base64 Encoded: | False |
General | |
Stream Path: | \x3ObjInfo |
CLSID: | |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.2516291673878228 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | 00 00 03 00 01 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 484 |
Entropy: | 3.922883556049869 |
Base64 Encoded: | True |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 19956 |
Entropy: | 3.0439685664493332 |
Base64 Encoded: | True |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 95624 |
Entropy: | 3.884322021970485 |
Base64 Encoded: | True |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 10:53:17.604465008 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:17.653201103 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:20.182425976 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:20.198740005 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:20.201121092 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:20.208441973 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:26.194506884 CEST | 57893 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:26.210872889 CEST | 53 | 57893 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:26.213289022 CEST | 54821 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:26.238771915 CEST | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:27.990192890 CEST | 54719 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:27.997323990 CEST | 53 | 54719 | 8.8.8.8 | 192.168.2.22 |
Sep 27, 2024 10:53:27.998363018 CEST | 49881 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 27, 2024 10:53:28.006170034 CEST | 53 | 49881 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 10:53:17.604465008 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2df | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:20.182425976 CEST | 192.168.2.22 | 8.8.8.8 | 0x7c92 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:20.201121092 CEST | 192.168.2.22 | 8.8.8.8 | 0x2547 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:26.194506884 CEST | 192.168.2.22 | 8.8.8.8 | 0x1100 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:26.213289022 CEST | 192.168.2.22 | 8.8.8.8 | 0x2664 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:27.990192890 CEST | 192.168.2.22 | 8.8.8.8 | 0xd97e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 27, 2024 10:53:27.998363018 CEST | 192.168.2.22 | 8.8.8.8 | 0x9c5b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 10:53:17.653201103 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2df | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:20.198740005 CEST | 8.8.8.8 | 192.168.2.22 | 0x7c92 | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:20.208441973 CEST | 8.8.8.8 | 192.168.2.22 | 0x2547 | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:26.210872889 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:26.238771915 CEST | 8.8.8.8 | 192.168.2.22 | 0x2664 | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:27.997323990 CEST | 8.8.8.8 | 192.168.2.22 | 0xd97e | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false | ||
Sep 27, 2024 10:53:28.006170034 CEST | 8.8.8.8 | 192.168.2.22 | 0x9c5b | No error (0) | 34.93.135.146 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49167 | 104.168.32.148 | 80 | 3260 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2024 10:53:33.501691103 CEST | 516 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 34.93.135.146 | 443 | 3260 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:18 UTC | 129 | OUT | |
2024-09-27 08:53:19 UTC | 504 | IN | |
2024-09-27 08:53:19 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49162 | 34.93.135.146 | 443 | 3260 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:21 UTC | 114 | OUT | |
2024-09-27 08:53:22 UTC | 671 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.22 | 49163 | 34.93.135.146 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:27 UTC | 124 | OUT | |
2024-09-27 08:53:27 UTC | 504 | IN | |
2024-09-27 08:53:27 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.22 | 49164 | 34.93.135.146 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:28 UTC | 154 | OUT | |
2024-09-27 08:53:29 UTC | 455 | IN | |
2024-09-27 08:53:29 UTC | 144 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.2.22 | 49165 | 34.93.135.146 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:30 UTC | 154 | OUT | |
2024-09-27 08:53:31 UTC | 455 | IN | |
2024-09-27 08:53:31 UTC | 144 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.22 | 49166 | 34.93.135.146 | 443 | 3260 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 08:53:32 UTC | 344 | OUT | |
2024-09-27 08:53:33 UTC | 659 | IN | |
2024-09-27 08:53:33 UTC | 215 | IN |
Target ID: | 0 |
Start time: | 04:53:13 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fa40000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |