Analysis Report document-933340782.xlsm
Overview
General Information
Detection
Hidden Macro 4.0
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Excel documents contains an embedded macro which executes code when the document is opened
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | Binary string: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Automated click: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol13 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 37% | Virustotal | | |
| 19% | Metadefender | | |
| 48% | ReversingLabs | Document-Excel.Spyware.Ymacco | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 2% | Virustotal | | |
| 7% | Virustotal | | |
| 4% | Virustotal | | |
| 4% | Virustotal | | |
| 4% | Virustotal | | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kristen.sbddev.com | 50.23.112.133 | true | false | | unknown |
holmesservices.mobiledevsite.co | 103.68.166.129 | true | true | | unknown |
tienda.ventadigital.com.ar | 31.170.166.139 | true | false | | unknown |
nellaimasthanbiryani.com | 66.36.231.40 | true | false | | unknown |
thirdstringcalifornia.com | 143.95.33.96 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
false |
| unknown | |
true |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
143.95.33.96 | thirdstringcalifornia.com | United States | | 62729 | ASMALLORANGE1US | false |
66.36.231.40 | nellaimasthanbiryani.com | United States | | 14361 | HOPONE-GLOBALUS | false |
50.23.112.133 | kristen.sbddev.com | United States | | 36351 | SOFTLAYERUS | false |
31.170.166.139 | tienda.ventadigital.com.ar | United States | | 47583 | AS-HOSTINGERLT | false |
103.68.166.129 | holmesservices.mobiledevsite.co | Singapore | | 38719 | DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383151 |
Start date: | 07.04.2021 |
Start time: | 10:53:28 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | document-933340782.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.expl.evad.winXLSM@11/13@5/5 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
143.95.33.96 | | | malicious | | |
66.36.231.40 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
holmesservices.mobiledevsite.co | | | malicious | | |
tienda.ventadigital.com.ar | | | malicious | | |
kristen.sbddev.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASMALLORANGE1US | | | malicious | | |
HOPONE-GLOBALUS | | | malicious | | |
SOFTLAYERUS | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133170 |
Entropy (8bit): | 5.371012913587198 |
Encrypted: | false |
SSDEEP: | 1536:+cQIeNquBXA3gBwqpQ9DQW+zAM34ZldpKWXboOilXNErLdME9:OVQ9DQW+zTXiJ |
MD5: | 9FA2A9C85C7F5D9B978C8C1DD766F6AC |
SHA1: | E21841DE6D57448731E5E71D6C3B9B5FF59C8858 |
SHA-256: | 2C15F126346384721925F6BCBA17ECAA43CB8BEA985CD042E33CA2FBDF50952A |
SHA-512: | 2D06E87BA9B263C4721549201BA42433F06DBD67719EDA249851126187CB9FA79809292774F7D74F28D0C75B8F51866D0E319ADDEDC95F21E74E5D04BBC6402D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 848 |
Entropy (8bit): | 7.595467031611744 |
Encrypted: | false |
SSDEEP: | 24:NLJZbn0jL5Q3H/hbqzej+0C3Yi6yyuq53q:JIjm3pQCLWYi67lc |
MD5: | 02DB1068B56D3FD907241C2F3240F849 |
SHA1: | 58EC338C879DDBDF02265CBEFA9A2FB08C569D20 |
SHA-256: | D58FF94F5BB5D49236C138DC109CE83E82879D0D44BE387B0EA3773D908DD25F |
SHA-512: | 9057CE6FA62F83BB3F3EFAB2E5142ABC41190C08846B90492C37A51F07489F69EDA1D1CA6235C2C8510473E8EA443ECC5694E415AEAF3C7BD07F864212064678 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 557 |
Entropy (8bit): | 7.343009301479381 |
Encrypted: | false |
SSDEEP: | 12:6v/7aLMZ5I9TvSb5Lr6U7+uHK2yJtNJTNSB0qNMQCvGEvfvqVFsSq6ixPT3Zf:Ng8SdCU7+uqF20qNM1dvfSviNd |
MD5: | A516B6CB784827C6BDE58BC9D341C1BD |
SHA1: | 9D602E7248E06FF639E6437A0A16EA7A4F9E6C73 |
SHA-256: | EF8F7EDB6BA0B5ACEC64543A0AF1B133539FFD439F8324634C3F970112997074 |
SHA-512: | C297A61DA1D7E7F247E14D188C425D43184139991B15A5F932403EE68C356B01879B90B7F96D55B0C9B02F6B9BFAF4E915191683126183E49E668B6049048D35 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 34789 |
Entropy (8bit): | 7.988267796017535 |
Encrypted: | false |
SSDEEP: | 768:+D5XH0YsPc/wBfkpz/srsnYlCO20quHVkKAPH+leFbMLezAIt:+D5XUYz/wBf8orsEwHKynWLmAQ |
MD5: | 13CE435F07ADD2BEABD4A860755B489D |
SHA1: | 6CB356E6EA48633D56B49E578039818E493D364F |
SHA-256: | AA2172D7F8454BEF43575C8877FCA816254D49BE7A9AF420B0C7FEE0169058E4 |
SHA-512: | E3E0C4541C1299494E8BC5C597E5913B06A1D481E125241C538D634CE2119BFCED14424C2E537A9EE036927E9955688D914DC56550E83B683B2D065E67FA037C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8301 |
Entropy (8bit): | 7.970711494690041 |
Encrypted: | false |
SSDEEP: | 192:BzNWXTPmjktA8BddiGGwjNHOQRud4JTTOFPY4:B8aoVT0QNuzWKPh |
MD5: | D8574C9CC4123EF67C8B600850BE52EE |
SHA1: | 5547AC473B3523BA2410E04B75E37B1944EE0CCC |
SHA-256: | ADD8156BAA01E6A9DE10132E57A2E4659B1A8027A8850B8937E57D56A4FC204B |
SHA-512: | 20D29AF016ED2115C210F4F21C65195F026AAEA14AA16E36FD705482CC31CD26AB78C4C7A344FD11D4E673742E458C2A104A392B28187F2ECCE988B0612DBACF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 7295 |
Entropy (8bit): | 5.637267147483986 |
Encrypted: | false |
SSDEEP: | 192:ElVZHCkA26xd3Qk/uTtMy47R/Ga0kVhFuPwf8Pn9wHHyJS:EJ8VGaRF8I8K |
MD5: | AFC83AE7C4EA82B533D9B8731AAB3E80 |
SHA1: | A77EB9C6E5472FE4A17385ACB32BF96C9F69A65F |
SHA-256: | FDF900267092BC67BD7786B86C462E69F9ED52BED838809B6BA28B298BE879F6 |
SHA-512: | 5CF249AFF46D7B7C1BE5F2F2CA3D771E6EEB9B85EF8D6CE8BB93DFEEB0957F9E8BF15FC4B57D98A19F76E49C51A68C957EDC6CB98CCC15AE3215BC326D968CF7 |
Malicious: | false |
IE Cache URL: | http://kristen.sbddev.com/cgi-sys/suspendedpage.cgi |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 106839 |
Entropy (8bit): | 7.913373653249158 |
Encrypted: | false |
SSDEEP: | 1536:Kt411S28FXDhD5XUYz/wBf8orsEwHKynWLmA90Qk7Z1lvlEdx8fSK:KtA1S28FXDDDzPjEwqtDi1vKdx8/ |
MD5: | A306995A19FB41961ADF43C246C70AE6 |
SHA1: | 90E3718C1BCB6BDF047AA6E5FDB0668D92EB0DB2 |
SHA-256: | E556E208C5BBE9C5D2E47AE995B985411D72C0C6A4144E764473C44236658322 |
SHA-512: | 49D11CDC3340CCAE271B74005B77F9D0E7B9592DC081461B274109A81A84962A085C9E72F29C6028BB5FD4853FE7EE0D5A0739A8590A8727267AADC860F49D76 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.6458037272807085 |
Encrypted: | false |
SSDEEP: | 12:8SCXUBuElPCH2YgY7sY3t+WrjAZ/2bDQdLC5Lu4t2Y+xIBjKZm:8SwgY7fAZiDD87aB6m |
MD5: | E0C65D18BE88B4A812FF1F229BCA69D1 |
SHA1: | 7D2406A10C31D7A020DD4990BAAB9B5D857DD5CE |
SHA-256: | 1D6B1E87F2036B3A1C94CDB466A561F33EFBB5F6ECFB160D401D207E2F9FC073 |
SHA-512: | 9338CDF6BE8CDEDD2AF071DE2A75106EABF8570FE54EB547D5B4086C7879300B62529A063C7767BC54E19EF5EEA0C99971A11A2B419A023AF8F3C1F90B83B767 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2200 |
Entropy (8bit): | 4.736351324868558 |
Encrypted: | false |
SSDEEP: | 24:8HXgY7bDUARgBtDat7aB6myHXgY7bDUARgBtDat7aB6m:83JDjRgBIgB6p3JDjRgBIgB6 |
MD5: | 1EB270DC4DCE3EC5B6A6C5D85775B4FD |
SHA1: | 5654FC72F412E70D526D351F62B9E8210C5CC11A |
SHA-256: | 5DDB986530E02CC02B476E2DA5EF74445F444358A5787F7D5F86CD88E46B4EC0 |
SHA-512: | 81CF36AC26633E1F1F5451BBEB2D89263EC1D9CC3AB88AC54E3F5C7E9D50B9F17C71B65F2079DAEA6F558A40F2649DA044A110E44F56CCBF6B205B38A7666E7D |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 124 |
Entropy (8bit): | 4.822946133507819 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWKS9LRzSShdSZELRzSShdSmxWKS9LRzSShdSv:dj49LdhhdwELdhhdy9Ldhhdc |
MD5: | 1F48A78C341C113F2DE2A2B9A8B8BAE9 |
SHA1: | 4A26888FE9D329E97E21F94E6758490C91867FED |
SHA-256: | A46C9E7CF708E6957BA16EE9AA93A5CE65F5559040DCC0F5E6C833365A4D9C69 |
SHA-512: | 7EFCECA0AE0192FC9744C8C73D9ECEBB9B85C235A2968DEB1255B722532A2A64EFAAF58B9B620B903759AA80152B1148E91802CE652B430C3DCE9C1358F15174 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 106839 |
Entropy (8bit): | 7.913373653249158 |
Encrypted: | false |
SSDEEP: | 1536:Kt411S28FXDhD5XUYz/wBf8orsEwHKynWLmA90Qk7Z1lvlEdx8fSK:KtA1S28FXDDDzPjEwqtDi1vKdx8/ |
MD5: | A306995A19FB41961ADF43C246C70AE6 |
SHA1: | 90E3718C1BCB6BDF047AA6E5FDB0668D92EB0DB2 |
SHA-256: | E556E208C5BBE9C5D2E47AE995B985411D72C0C6A4144E764473C44236658322 |
SHA-512: | 49D11CDC3340CCAE271B74005B77F9D0E7B9592DC081461B274109A81A84962A085C9E72F29C6028BB5FD4853FE7EE0D5A0739A8590A8727267AADC860F49D76 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7295 |
Entropy (8bit): | 5.637267147483986 |
Encrypted: | false |
SSDEEP: | 192:ElVZHCkA26xd3Qk/uTtMy47R/Ga0kVhFuPwf8Pn9wHHyJS:EJ8VGaRF8I8K |
MD5: | AFC83AE7C4EA82B533D9B8731AAB3E80 |
SHA1: | A77EB9C6E5472FE4A17385ACB32BF96C9F69A65F |
SHA-256: | FDF900267092BC67BD7786B86C462E69F9ED52BED838809B6BA28B298BE879F6 |
SHA-512: | 5CF249AFF46D7B7C1BE5F2F2CA3D771E6EEB9B85EF8D6CE8BB93DFEEB0957F9E8BF15FC4B57D98A19F76E49C51A68C957EDC6CB98CCC15AE3215BC326D968CF7 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.912414325558474 |
TrID: |
|
File name: | document-933340782.xlsm |
File size: | 108510 |
MD5: | 766f5bb363db9a966b613a42a118798a |
SHA1: | 57e67742fd7e7fa0badddca5b2cceb4cf09048a7 |
SHA256: | 9952ce93009bb9fe2b687053da8db61f551cd524ca2691669257c35aaba18832 |
SHA512: | 3157b083902de46d1aaf75ac978537b479350c145a667c16965936f3ec9c84f08768604abbb4b54a12d37b8ce6b89136651b8083032887e730e6078b49cdaae9 |
SSDEEP: | 3072:Q26TGqT+dY7EDzPjEwqtDlko+bJ99K7meX7pD3:QLTGa084jYDv+d9imeX7pD3 |
File Content Preview: | PK..........!...`.............[Content_Types].xml ...(..............................................................................................................................................................................................##......... |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "document-933340782.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 7, 2021 10:54:27.658488989 CEST | 192.168.2.3 | 8.8.8.8 | 0xd33 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:28.405116081 CEST | 192.168.2.3 | 8.8.8.8 | 0x2abd | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:28.773979902 CEST | 192.168.2.3 | 8.8.8.8 | 0x19b7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:29.217278957 CEST | 192.168.2.3 | 8.8.8.8 | 0xeff0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:29.476845980 CEST | 192.168.2.3 | 8.8.8.8 | 0xb815 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 7, 2021 10:54:27.817121983 CEST | 8.8.8.8 | 192.168.2.3 | 0xd33 | No error (0) | | | 50.23.112.133 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:28.458214998 CEST | 8.8.8.8 | 192.168.2.3 | 0x2abd | No error (0) | | | 31.170.166.139 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:28.787633896 CEST | 8.8.8.8 | 192.168.2.3 | 0x19b7 | No error (0) | | | 143.95.33.96 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:29.231086016 CEST | 8.8.8.8 | 192.168.2.3 | 0xeff0 | No error (0) | | | 103.68.166.129 | A (IP address) | IN (0x0001) |
Apr 7, 2021 10:54:29.710992098 CEST | 8.8.8.8 | 192.168.2.3 | 0xb815 | No error (0) | | | 66.36.231.40 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49716 | 50.23.112.133 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 7, 2021 10:54:27.989140034 CEST | 1298 | OUT | |
Apr 7, 2021 10:54:28.165939093 CEST | 1300 | IN | |
Apr 7, 2021 10:54:28.168826103 CEST | 1300 | OUT | |
Apr 7, 2021 10:54:28.377834082 CEST | 1308 | IN |