Windows Analysis Report plan-515372324.xlsb
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: |
Found abnormal large hidden Excel 4.0 Macro sheet | Show sources |
Source: | Initial sample: |
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Window / User API: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | ||
Source: | Thread delayed: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | DLL Side-Loading1 | Process Injection1 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Regsvr321 | Cached Domain Credentials | System Information Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | Virustotal | Browse | ||
22% | ReversingLabs | Document-Office.Backdoor.Quakbot |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
khangland.pro | 103.28.39.29 | true | false |
| unknown |
jaipurbynite.com | 104.244.121.13 | true | false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.244.121.13 | jaipurbynite.com | United States | 22611 | IMH-WESTUS | false | |
103.28.39.29 | khangland.pro | Viet Nam | 131353 | NHANHOA-AS-VNNhanHoaSoftwarecompanyVN | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 442112 |
Start date: | 30.06.2021 |
Start time: | 00:07:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | plan-515372324.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.expl.evad.winXLSB@7/10@2/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
00:08:25 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
103.28.39.29 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
khangland.pro | Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
IMH-WESTUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
NHANHOA-AS-VNNhanHoaSoftwarecompanyVN | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 135209 |
Entropy (8bit): | 5.363066402926994 |
Encrypted: | false |
SSDEEP: | 1536:RcQIKNgeBTA3gBwlpQ9DQW+zoY34ZliKWXboOidX5E6LWME9:lEQ9DQW+zwXO1 |
MD5: | 57CE0440BA2348963E599DB7CC6D4E70 |
SHA1: | 9DC6386C0EFC19B9E88725D079F1561C74D3B672 |
SHA-256: | EF58DE4D929D2D78D172CFE4DCB94D8815D2447D6A7482670CC4E0CAB3C5283B |
SHA-512: | B09ED0537E02581F7BF417E73D07A26F42AA40E2E7457D5E67FAA61033A653844939EA5FF6CEEA08158469A70F0690A92454F57523D8DE05A263CD6B78C1AE65 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 848 |
Entropy (8bit): | 7.595467031611744 |
Encrypted: | false |
SSDEEP: | 24:NLJZbn0jL5Q3H/hbqzej+0C3Yi6yyuq53q:JIjm3pQCLWYi67lc |
MD5: | 02DB1068B56D3FD907241C2F3240F849 |
SHA1: | 58EC338C879DDBDF02265CBEFA9A2FB08C569D20 |
SHA-256: | D58FF94F5BB5D49236C138DC109CE83E82879D0D44BE387B0EA3773D908DD25F |
SHA-512: | 9057CE6FA62F83BB3F3EFAB2E5142ABC41190C08846B90492C37A51F07489F69EDA1D1CA6235C2C8510473E8EA443ECC5694E415AEAF3C7BD07F864212064678 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10270 |
Entropy (8bit): | 7.975714699744477 |
Encrypted: | false |
SSDEEP: | 192:3sXvKLMbye/PEXiKTUgCto9h4F6NwfU6vGDpdYNbcQZgkbd4cgc:3iLh/gJ59CDfU6LocbGK |
MD5: | 9C4F09E387EA7B36C8149EA7C5F8876E |
SHA1: | FF83384288EB89964C3872367E43F25FAFF007CC |
SHA-256: | A51C1D65092272DAEB2541D64A10539F0D04BC2F51B281C7A3296500CFCA56DE |
SHA-512: | 0FDDE22CFDDE8BB1C04842D2810D0FD6D42192594E0D6120DE401B08B7E2CFFB5333792BC748E93CD70FA14734CC7D950620CB977DDBBDB52D92BDA8F35521F8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 42557 |
Entropy (8bit): | 7.992800895943226 |
Encrypted: | true |
SSDEEP: | 768:Pfsq4UmepRdblCFcXhw9KnRTRews6xD0FvBlwAS1A8x7BcS0OvD230:PR3ZblCF28KRsws6CFv0AYx7Bl3b230 |
MD5: | B1F262A694930ADB699FA94E3394887F |
SHA1: | 9C9B66D3A3F09AECA45DB94304CDD6FB3C5BD4C9 |
SHA-256: | 9C99EC61392B9022A38C1354124360147E8185065095BD2EC92B1416CF9F4B68 |
SHA-512: | 1CA7E6750178B88EC3AA7A0B83348EA389E26C27E0D7E919D807BE470714E5B4F04ACEB69D391F0498D4E465E6620E9449CA2F40755B5CE8196E683502EBF5F4 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 557 |
Entropy (8bit): | 7.343009301479381 |
Encrypted: | false |
SSDEEP: | 12:6v/7aLMZ5I9TvSb5Lr6U7+uHK2yJtNJTNSB0qNMQCvGEvfvqVFsSq6ixPT3Zf:Ng8SdCU7+uqF20qNM1dvfSviNd |
MD5: | A516B6CB784827C6BDE58BC9D341C1BD |
SHA1: | 9D602E7248E06FF639E6437A0A16EA7A4F9E6C73 |
SHA-256: | EF8F7EDB6BA0B5ACEC64543A0AF1B133539FFD439F8324634C3F970112997074 |
SHA-512: | C297A61DA1D7E7F247E14D188C425D43184139991B15A5F932403EE68C356B01879B90B7F96D55B0C9B02F6B9BFAF4E915191683126183E49E668B6049048D35 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32996 |
Entropy (8bit): | 7.975478139053759 |
Encrypted: | false |
SSDEEP: | 768:N4k48AnTViUidx37OODgvnrxtxAudMN1VTRVHdB4K7K:NE8m+L37OOwrCXN1VTR1PK |
MD5: | 4E69B72B0CE87CC7EE30AA1A062147FE |
SHA1: | 09B0AA5414E08756E0AE53E1BE5C70DB4DEAF2E8 |
SHA-256: | 77A1F749389CBF771D5197FF0FF17113FCA1D91989ADCADF2852876A6CC14988 |
SHA-512: | 6246AF2137E773F7719033AFE75F0B00FF3A4B5543DBA53737FC8D33EE42478E3D8A5CF166E9EFD2F54A2F3E0D62417BDDC1CB824642305B59AB1229313D2D79 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 18547 |
Entropy (8bit): | 7.9850486438978985 |
Encrypted: | false |
SSDEEP: | 384:kBCIQCloAwCZDy0xOTn6/g6l4NpWfw9nHk6Ka01f7Y/H:kBCIQpAwODPMT6/gfOUKN70 |
MD5: | ED31C7053D581EDC4C98D222CE02EDEF |
SHA1: | 6BA7A49CC6FF8FE00E9C5BC75F48AB7E679536DD |
SHA-256: | 0FCF61397154DF01CFAECA362BD643D88AAD5FEDD07B52DC8A921CC0D7236534 |
SHA-512: | 929BF13F2A050B33D0EABDAC97CAAFDDE612AD521027FEE4DD51E28A3CF61198D6C045E00AB85223C73D74D18BB4EAA1681C7AFA917946DC08A3C75FB2AB4935 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 160685 |
Entropy (8bit): | 7.960590987645444 |
Encrypted: | false |
SSDEEP: | 3072:AL289VlUBWA6CFvA7brCxAVIKW1xVymd1xXPfZTkdm3bGeAxiYbX:/83liWA6FiYW1xVyWxffZTkeGKa |
MD5: | 7E75F03941F240AA7190A08B60F3DD64 |
SHA1: | D35A9AF59DE7669A5B834E47C8152434297A594F |
SHA-256: | CD196E167E0BBC1054D6DA19E4D9392CC88A8DCE9FADF080E133350703B3318D |
SHA-512: | 8DD02F7956125D799B40A5EA3E26D985CEB9AC7D5B0415BC2EE93D1E23F421E6F81112B3F52B33FDF1541D03F805648C40438EA1F93EBC38C9BC3BE9C3D20856 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.950442215459519 |
TrID: |
|
File name: | plan-515372324.xlsb |
File size: | 159199 |
MD5: | 08e52afbefa423fb9f1ea0af88a4880e |
SHA1: | 2d688dfee28f75553bc1d3633f891d2e70e0408b |
SHA256: | aaa32ff3e41c61fe828f0850e702f5ed7ffd6177c4bf80ed15324525537f44cd |
SHA512: | 7a5400ec826ecaa0fa6a8beb9022bd9e918f11cf97e57d747477720889f7203af983620e2f7b543fb1ff5cc5a9eff13447d6353506c862dfe2ebd23b7a63dee8 |
SSDEEP: | 3072:q9VlUBWA6CFvA7bpKCxAVIKa8d/p4DqLdb1luxVymd1xXPtLrC/:q3liWA6FVNYa8dh4exQxVyWxfta |
File Content Preview: | PK..........!.d/.}............[Content_Types].xml ...(.......................................................................................................................................................((................................................ |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "plan-515372324.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,EXE,,,R,J,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,LM,JC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,on,CB,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,wnl,,oadT,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,""")",Fil,,LDo,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,&,,,o,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"(""r",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,eg,,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,svr32 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=,=,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,CAL,"""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,",",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"(""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,",0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,khangland.pro/v8gEDeSB/sun.html ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,jaipurbynite.com/stLdQs9R53/sun.htm,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
"=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=FORMULA('Doc2'!BA3,'Doc3'!AO18)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=ABS(8.74526348672131E+100)=ACOS(7.89475612348768E+58)=ACOSH(8.76976979789786E+39)=FORMULA(""U""&'Doc3'!AO18&'Doc2'!BA4&'Doc2'!BA5,'Doc3'!AP13)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=FORMULA('Doc2'!AX24,'Doc3'!AP16)",,,,,,,,,,,,,,,,"=FORMULA('Doc2'!BB3&'Doc2'!BB4&'Doc2'!BB5&""B"",'Doc3'!AP15)",,,,,,,,,,,,,,,,"=FORMULA(before.6.17.50.sheet!AY47,'Doc3'!AO19)",,,,,,,,,,,,,,,,"=FORMULA('Doc2'!AX25,'Doc3'!AP17)",,,,,,,,,,,,,,,,"=FORMULA('Doc2'!AZ14,'Doc3'!AO20)",,,,,,,,,,,,,,,,"=FORMULA(""U""&'Doc3'!AO18&'Doc2'!BA7&'Doc2'!AY6&'Doc2'!BA6&'Doc2'!BA9&'Doc2'!AY7&""eA"",'Doc3'!AP14)",,,,,,,,,,,,,,,,"=FORMULA('Doc2'!AY14&'Doc2'!AX16&'Doc3'!AO19&'Doc2'!AY18&'Doc3'!AP13&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&'Doc3'!AP14&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&'Doc3'!AP15&'Doc2'!AY16&'Doc2'!AY20&'Doc2'!AY17&'Doc2'!AY16&""https://""&'Doc3'!AP17&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&before.6.17.50.sheet!AY41&'Doc2'!AY16&'Doc2'!AY20&'Doc2'!AY20&'Doc2'!AY19,'Doc3'!AN14)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=FORMULA('Doc3'!AO20&'Doc2'!AX3&""C""&'Doc2'!AX10&'Doc2'!AX11&'Doc2'!AX12&'Doc2'!AX8&'Doc2'!AX9&'Doc2'!AX8&before.6.17.50.sheet!AY40&'Doc2'!AX7,'Doc3'!AN17)",,,,,,,,,,,,,,,,"=FORMULA('Doc3'!AO20&'Doc2'!AX3&""C""&'Doc2'!AX10&'Doc2'!AX11&'Doc2'!AX12&'Doc2'!AX8&'Doc2'!AX9&'Doc2'!AX8&before.6.17.50.sheet!AY41&'Doc2'!AX7,'Doc3'!AN18)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=FORMULA('Doc2'!AY14&'Doc2'!AX16&'Doc3'!AO19&'Doc2'!AY18&'Doc3'!AP13&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&'Doc3'!AP14&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&'Doc3'!AP15&'Doc2'!AY16&'Doc2'!AY20&'Doc2'!AY17&'Doc2'!AY16&""https://""&'Doc3'!AP16&'Doc2'!AY16&'Doc2'!AY17&'Doc2'!AY16&before.6.17.50.sheet!AY40&'Doc2'!AY16&'Doc2'!AY20&'Doc2'!AY20&'Doc2'!AY19,'Doc3'!AN13)=SUMXMY2(452354,45245)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=""""&""""&""""&""""&""""&""""&""""&""""&""""&RUN('Doc3'!AN10)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=""..\palpy1.dll""",,,,,,,,,,,,,,,,"=""..\palpy2.dll""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=RIGHT(""LdecvsbgvrsxLxrgxgL"",1)",,,,,,,,,,,,,,,,"=LEFT(""LdecvsbgvrsxLxrgxg"",1)",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 30, 2021 00:08:32.935113907 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.164993048 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.165199041 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.167490005 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.396576881 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.397178888 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.397212982 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.397241116 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.397260904 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.397259951 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.397304058 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.397315979 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.397321939 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.399928093 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.400088072 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.443725109 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.674485922 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.674612999 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.675638914 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.907320023 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.907463074 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.907469988 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:33.907556057 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:33.995299101 CEST | 49739 | 443 | 192.168.2.4 | 103.28.39.29 |
Jun 30, 2021 00:08:34.158024073 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.226876974 CEST | 443 | 49739 | 103.28.39.29 | 192.168.2.4 |
Jun 30, 2021 00:08:34.359838963 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.360023975 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.360469103 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.561994076 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.562361002 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.562401056 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.562439919 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.562465906 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.562503099 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.562563896 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.562578917 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.562586069 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.565370083 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.565521002 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.580204964 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:34.781984091 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:34.782138109 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:35.131728888 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:35.348674059 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:35.348721981 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
Jun 30, 2021 00:08:35.348805904 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:35.348855972 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:35.348942995 CEST | 49741 | 443 | 192.168.2.4 | 104.244.121.13 |
Jun 30, 2021 00:08:35.550203085 CEST | 443 | 49741 | 104.244.121.13 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 30, 2021 00:08:14.069195032 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:14.126266956 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:15.603213072 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:15.652334929 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:16.699806929 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:16.751743078 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:17.589102983 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:17.637955904 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:18.373897076 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:18.425875902 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:21.156306982 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:21.207030058 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:24.122312069 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:24.181847095 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:25.144474030 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:25.203140974 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:25.559120893 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:25.578457117 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:25.633059025 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:25.642832994 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:26.561460972 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:26.666496992 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:27.150618076 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:27.207700968 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:27.573991060 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:27.634004116 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:27.994618893 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:28.048089027 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:28.957083941 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:29.012979984 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:29.592685938 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:29.654587030 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:30.804543018 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:30.862236977 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:32.216578007 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:32.277559996 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:32.504199982 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:32.930166960 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:33.058595896 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:33.116991997 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:33.574688911 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:33.634762049 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:34.005776882 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:34.156178951 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:34.163774967 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:34.222609043 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:35.320266962 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:35.371395111 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:37.111701965 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:37.162477016 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:37.921618938 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:37.974533081 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:42.183860064 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:42.245068073 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:58.589673996 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:58.821022987 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:59.405081034 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:59.463294983 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:08:59.585522890 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:08:59.642749071 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:00.106282949 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:00.244215965 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:00.794054031 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:00.853260994 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:01.461981058 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:01.522326946 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:02.154788017 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:02.216150045 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:02.726349115 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:02.785042048 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:03.697858095 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:03.757582903 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:04.794964075 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:04.849899054 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:05.431109905 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:05.493837118 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:08.118124962 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:08.170874119 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:17.812447071 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:17.817260027 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:17.876132965 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:17.878622055 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:20.819437981 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:20.884032011 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:51.871857882 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:51.930027008 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jun 30, 2021 00:09:53.658200026 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 30, 2021 00:09:53.731904030 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 30, 2021 00:08:32.504199982 CEST | 192.168.2.4 | 8.8.8.8 | 0x74e2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 30, 2021 00:08:34.005776882 CEST | 192.168.2.4 | 8.8.8.8 | 0xc7a2 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 30, 2021 00:08:32.930166960 CEST | 8.8.8.8 | 192.168.2.4 | 0x74e2 | No error (0) | 103.28.39.29 | A (IP address) | IN (0x0001) | ||
Jun 30, 2021 00:08:34.156178951 CEST | 8.8.8.8 | 192.168.2.4 | 0xc7a2 | No error (0) | 104.244.121.13 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 30, 2021 00:08:33.399928093 CEST | 103.28.39.29 | 443 | 192.168.2.4 | 49739 | CN=khangland.pro CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Fri Jun 11 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004 | Fri Sep 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon May 18 02:00:00 CEST 2015 | Sun May 18 01:59:59 CEST 2025 | |||||||
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029 | |||||||
Jun 30, 2021 00:08:34.565370083 CEST | 104.244.121.13 | 443 | 192.168.2.4 | 49741 | CN=jaipurbynite.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Mar 31 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004 | Wed Jun 30 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon May 18 02:00:00 CEST 2015 | Sun May 18 01:59:59 CEST 2025 | |||||||
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Jan 01 01:00:00 CET 2004 | Mon Jan 01 00:59:59 CET 2029 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 00:08:23 |
Start date: | 30/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 00:08:25 |
Start date: | 30/06/2021 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ec6a0000 |
File size: | 130560 bytes |
MD5 hash: | 8D59B31FF375059E3C32B17BF31A76D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 00:08:34 |
Start date: | 30/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 00:08:35 |
Start date: | 30/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|