Analysis Report
Overview
General Information |
---|
Analysis ID: | 103312 |
Start time: | 12:52:15 |
Start date: | 17/02/2016 |
Overall analysis duration: | 0h 4m 34s |
Report type: | full |
Sample file name: | invoice_J-98148270.doc |
Cookbook file name: | defaultwindowsdocumentcookbook.jbs |
Analysis system description: | Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36) |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 2 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
Detection: | MAL |
Classification: | mal88.evad.expl.rans.winDOC@6/46@8/6 |
HCA Information: |
|
EGA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 88 | 0 - 100 | Report FP / FN |
Classification |
---|
Analysis Advice |
---|
Sample sleeps for a long time, analyze it with the fake sleep cookbook |
Signature Overview |
---|
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00406F53 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004014FF | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00402808 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00405FF4 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004028F3 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004065C7 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040102A | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004027BD | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004012D0 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004065B9 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00402C97 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00401000 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00406607 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040F7F4 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004064BE | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004010F1 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040121F | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00401BE3 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004027DA | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00405FF4 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00403139 |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionality to import cryptographic keys (often used in ransomware) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040121F |
Deletes shadow drive data (may be related to ransomware) | Show sources |
Source: ladybi.exe | Binary or memory string: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Process created: | ||
Source: ladybi.exe | Binary or memory string: | ||
Source: vssadmin.exe | Binary or memory string: |
Writes a notice file (html or txt) to demand a ransom | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File dropped: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File dropped: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File dropped: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File dropped: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File dropped: |
Protection of GUI: |
---|
Contains functionality to create a new desktop | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to read data from the clipboard | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Software Vulnerabilities: |
---|
Potential document exploit detected (Application instantly terminates) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process terminated: |
Potential document exploit detected (performs DNS queries) | Show sources |
Source: global traffic | DNS query: |
Potential document exploit detected (performs HTTP gets) | Show sources |
Source: global traffic | TCP traffic: |
Potential document exploit detected (unknown TCP traffic) | Show sources |
Source: global traffic | TCP traffic: |
Document exploit detected (process start blacklist hit) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process created: |
Document exploit detected (creates forbidden files) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Document exploit detected (drops PE files) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Networking: |
---|
Urls found in memory or binary data | Show sources |
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE, ladybi.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: ladybi.exe | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: ladybi.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: invoice_J-98148270.doc, theme1.xml | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: ladybi.exe, _Locky_recover_instructions.txt2.936.dr, _Locky_recover_instructions.txt1.936.dr, _Locky_recover_instructions.txt.936.dr, _Locky_recover_instructions.txt0.936.dr, _Locky_recover_instructions.txt3.936.dr | String found in binary or memory: |
Contains functionality to download additional files from the internet | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004068F1 |
Downloads files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Downloads files from webservers via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: |
Found strings which match known social media URLs | Show sources |
Source: WINWORD.EXE | String found in binary or memory: |
Performs DNS lookups | Show sources |
Source: unknown | DNS traffic detected: |
Posts data to webserver | Show sources |
Source: unknown | HTTP traffic detected: |
Downloads executable code via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: |
HTTP GET or POST without a user agent | Show sources |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Uses a known web browser user agent for HTTP communication | Show sources |
Source: global traffic | HTTP traffic detected: |
Boot Survival: |
---|
Creates an autostart registry key | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Registry value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Registry value created or modified: |
Stealing of Sensitive Information: |
---|
Searches for user specific document files | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Key value created or modified: |
Persistence and Installation Behavior: |
---|
Drops PE files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040D530 |
Generates new code (likely due to unpacking of malware or shellcode) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code execution: |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00407CC4 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00405D6E | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
System Summary: |
---|
Executable creates window controls seldom found in malware | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Window found: |
Checks if Microsoft Office is installed | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key opened: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Binary contains paths to development resources | Show sources |
Source: WINWORD.EXE | Binary or memory string: |
Classification label | Show sources |
Source: classification engine | Classification label: |
Creates files inside the user directory | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Creates temporary files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File created: |
Document contains an OLE Word Document stream indicating a Microsoft Word file | Show sources |
Source: invoice_J-98148270.doc | OLE indicator, Word Document stream: |
Found command line output | Show sources |
Source: C:\Windows\System32\vssadmin.exe | Console Write: |
Reads ini files | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File read: |
Reads software policies | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key opened: |
SQL strings found in memory and binary data | Show sources |
Source: WINWORD.EXE | Binary or memory string: |
Spawns processes | Show sources |
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process created: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Process created: |
Uses an in-process (OLE) Automation server | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key value queried: |
Contains functionality to launch a process as a different user | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Document contains embedded VBA macros | Show sources |
Source: invoice_J-98148270.doc | OLE indicator, VBA macros: |
Document contains summary information with irregular field values | Show sources |
Source: invoice_J-98148270.doc | OLE document summary: | ||
Source: invoice_J-98148270.doc | OLE document summary: |
Found potential string decryption / allocating functions | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: |
Reads the hosts file | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File read: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | File read: |
Document contains an embedded VBA macro which executes code when the document is opened / closed | Show sources |
Source: invoice_J-98148270.doc | OLE, VBA macro line: |
Document contains an embedded VBA macro with suspicious strings | Show sources |
Source: invoice_J-98148270.doc | OLE, VBA macro line: | ||
Source: invoice_J-98148270.doc | OLE, VBA macro line: | ||
Source: invoice_J-98148270.doc | OLE, VBA macro line: | ||
Source: invoice_J-98148270.doc | OLE, VBA macro line: | ||
Source: invoice_J-98148270.doc | OLE, VBA macro line: |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) | Show sources |
Source: ladybi.exe | Binary or memory string: | ||
Source: ladybi.exe | Binary or memory string: | ||
Source: ladybi.exe | Binary or memory string: | ||
Source: ladybi.exe | Binary or memory string: |
Contains functionality to simulate mouse events | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00403BF5 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00403BF5 |
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Network Connect: |
Anti Debugging: |
---|
Contains functionality to register its own exception handler | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00403BF5 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040B6B3 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00403BF5 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040C7BC | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040B1C1 |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | System information queried: |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00406F53 |
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040C7BC |
Contains functionality to dynamically determine API calls | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_0040D530 |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00407CC4 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00405D6E | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Checks the free space of harddrives | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | File Volume queried: | ||
Source: C:\Windows\System32\svchost.exe | File Volume queried: | ||
Source: C:\Windows\System32\svchost.exe | File Volume queried: |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00406F53 |
Found evasive API chain (may stop execution after checking a module file name) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Evasive API call chain: | graph_3-8196 |
May sleep (evasive loops) to hinder dynamic analysis | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE TID: 740 | Thread sleep time: | ||
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE TID: 740 | Thread sleep time: | ||
Source: C:\Windows\System32\vssadmin.exe TID: 3784 | Thread sleep time: | ||
Source: C:\Windows\System32\svchost.exe TID: 3580 | Thread sleep time: |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to check if a window is minimized (may be used to check if an application is visible) | Show sources |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00403139 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00403139 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00403139 | |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00403139 |
Disables application error messages (SetErrorMode) | Show sources |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Process information set: | ||
Monitors certain registry keys / values for changes (often done to protect autostart functionality) |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Registry key monitored for changes: |
Stores large binary data to the registry |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key value created or modified: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_004014FF |
Contains functionality to query the account / user name |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_1_00405D1F |
Contains functionality to query the Windows version |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00402FE5 |
Contains functionality to query locale information (e.g. system language) |
Source: C:\Users\admin\AppData\Local\Temp\ladybi.exe | Code function: | 3_2_00405F5B |
Queries the cryptographic machine GUID |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Key value queried: |
Queries the volume information (name, serial number etc) of a device |
Source: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE | Queries volume information: |
Yara Overview |
---|
No Yara matches |
Startup |
---|
|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
kpybuhnosdrm.in | 195.22.28.198 | true |
dkoipg.pw | 85.25.149.246 | true |
xfyubqmldwvuyar.yt | 104.238.173.18 | true |
luvenxj.uk | 69.195.129.70 | true |
www.jesusdenazaret.com.ve | 190.9.32.8 | true |
sdwempsovemtr.yt | unknown | unknown |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
190.9.32.8 | Panama | 16626 | GlobalNetAccessLLC |
8.8.8.8 | United States | 15169 | GoogleInc |
104.238.173.18 | United States | 20473 | ChoopaLLC |
69.195.129.70 | United States | 19969 | JoesDatacenterLLC |
195.22.28.198 | Portugal | 8426 | ClaraNETLTD |
85.25.149.246 | Germany | 8972 | intergeniaAG |
Static File Info |
---|
General | |
---|---|
File type: | 0 |
TrID: |
|
File name: | invoice_J-98148270.doc |
File size: | 66048 |
MD5: | f205a9e8f1be8b8a5f75ac9e9be2b399 |
SHA1: | 7188b32756dee187cd0831a01fa2cfad63987717 |
SHA256: | 97b13680d6c6e5d8fff655fe99700486cbdd097cfa9250a066d247609f85b9b9 |
SHA512: | eefbbc16b39908426a31a3d76b3a607beac8eeddd70e2b77b250c2ff4a168b47499fb4370c7b284e44af9b5105ac23f3931b50532b27fb25203035f95b8e1bc3 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Title: | |
Subject: | |
Author: | Microsoft Office |
Keywords: | |
Template: | Normal.dotm |
Last Saved By: | alex |
Revision Number: | 2 |
Total Edit Time: | 0 |
Create Time: | 2016-02-16 09:35:00 |
Last Saved Time: | 2016-02-16 09:35:00 |
Number of Pages: | 1 |
Number of Words: | 0 |
Number of Characters: | 0 |
Creating Application: | Microsoft Office Word |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Number of Lines: | 1 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | False |
Company: | Microsoft Corporation |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
Streams with VBA |
---|
VBA File Name: Module1.bas, Stream Size: 6451 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/Module1 |
VBA File Name: | Module1.bas |
Stream Size: | 6451 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
VBA File Name: Module2.bas, Stream Size: 11343 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/Module2 |
VBA File Name: | Module2.bas |
Stream Size: | 11343 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
VBA File Name: ThisDocument.cls, Stream Size: 1608 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 1608 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
VBA File Name: UserForm1.frm, Stream Size: 1384 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/UserForm1 |
VBA File Name: | UserForm1.frm |
Stream Size: | 1384 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 121 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 121 |
Entropy: | 4.54740015507 |
Base64 Encoded: | True |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.314006545359 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.458279815326 |
Base64 Encoded: | False |
Stream Path: 1Table, File Type: data, Stream Size: 7397 |
---|
General | |
---|---|
Stream Path: | 1Table |
File Type: | data |
Stream Size: | 7397 |
Entropy: | 5.6798114074 |
Base64 Encoded: | True |
Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 582 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 582 |
Entropy: | 5.36056375919 |
Base64 Encoded: | True |
Data ASCII: | ID="{8E87F16A-0266-4FC3-B488-3356152FA491}"..Document=ThisDocument/&H00000000..Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}..BaseClass=UserForm1..Module=Module1..Module=Module2..Name="Project"..HelpContextID="0"..VersionCompatible32="393222000"..CMG="8D8 |
Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 119 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECTwm |
File Type: | data |
Stream Size: | 119 |
Entropy: | 3.41052736527 |
Base64 Encoded: | False |
Stream Path: Macros/UserForm1/\x1CompObj, File Type: data, Stream Size: 97 |
---|
General | |
---|---|
Stream Path: | Macros/UserForm1/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.61064918306 |
Base64 Encoded: | False |
Stream Path: Macros/UserForm1/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 290 |
---|
General | |
---|---|
Stream Path: | Macros/UserForm1/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 290 |
Entropy: | 4.59742813674 |
Base64 Encoded: | True |
Data ASCII: | VERSION 5.00..Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm1 .. Caption = "UserForm1".. ClientHeight = 518.. ClientLeft = 21.. ClientTop = 336.. ClientWidth = 1764.. StartUpPosition = 1 'CenterOwne |
Stream Path: Macros/UserForm1/f, File Type: data, Stream Size: 131 |
---|
General | |
---|---|
Stream Path: | Macros/UserForm1/f |
File Type: | data |
Stream Size: | 131 |
Entropy: | 3.73541460446 |
Base64 Encoded: | False |
Stream Path: Macros/UserForm1/o, File Type: data, Stream Size: 180 |
---|
General | |
---|---|
Stream Path: | Macros/UserForm1/o |
File Type: | data |
Stream Size: | 180 |
Entropy: | 5.01443671029 |
Base64 Encoded: | False |
Data ASCII: | Microsoft.XMLHTTP/Adodb.Stream/Shell.Application/WScript.Shell/Process/GET/TEMP/Type/Open/write/responseBody/savetofile/\ladybi.txt |
Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 5864 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 5864 |
Entropy: | 5.13592510048 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_0, File Type: data, Stream Size: 3682 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 3682 |
Entropy: | 4.29436019326 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_1, File Type: data, Stream Size: 190 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 190 |
Entropy: | 2.20425022948 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_2, File Type: data, Stream Size: 312 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 312 |
Entropy: | 2.25607936974 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_3, File Type: data, Stream Size: 103 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 103 |
Entropy: | 2.12520404633 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_4, File Type: data, Stream Size: 1482 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_4 |
File Type: | data |
Stream Size: | 1482 |
Entropy: | 4.55922093618 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_5, File Type: data, Stream Size: 160 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_5 |
File Type: | data |
Stream Size: | 160 |
Entropy: | 1.82742076017 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_6, File Type: data, Stream Size: 2324 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_6 |
File Type: | data |
Stream Size: | 2324 |
Entropy: | 4.50699428538 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_7, File Type: data, Stream Size: 214 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_7 |
File Type: | data |
Stream Size: | 214 |
Entropy: | 2.02020367547 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_8, File Type: data, Stream Size: 338 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_8 |
File Type: | data |
Stream Size: | 338 |
Entropy: | 2.1262930191 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_9, File Type: data, Stream Size: 66 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_9 |
File Type: | data |
Stream Size: | 66 |
Entropy: | 1.75895870298 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 895 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 895 |
Entropy: | 6.60513916223 |
Base64 Encoded: | True |
Stream Path: WordDocument, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 1.00956927837 |
Base64 Encoded: | False |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Feb 17, 2016 12:54:04.829262972 CET | 192.168.1.12 | 8.8.8.8 | cf05 | (Port unreachable) | Destination Unreachable |
Feb 17, 2016 12:54:07.681622982 CET | 192.168.1.12 | 8.8.8.8 | cf05 | (Port unreachable) | Destination Unreachable |
Feb 17, 2016 12:54:09.678365946 CET | 192.168.1.12 | 8.8.8.8 | cf15 | (Port unreachable) | Destination Unreachable |
Feb 17, 2016 12:54:10.676949978 CET | 192.168.1.12 | 8.8.8.8 | cf05 | (Port unreachable) | Destination Unreachable |
Feb 17, 2016 12:54:12.698337078 CET | 192.168.1.12 | 8.8.8.8 | cf15 | (Port unreachable) | Destination Unreachable |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 17, 2016 12:53:59.383877993 CET | 192.168.1.12 | 8.8.8.8 | 0x27b0 | Standard query (0) | www.jesusdenazaret.com.ve | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:02.376952887 CET | 192.168.1.12 | 8.8.8.8 | 0x27b0 | Standard query (0) | www.jesusdenazaret.com.ve | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:05.377140045 CET | 192.168.1.12 | 8.8.8.8 | 0x27b0 | Standard query (0) | www.jesusdenazaret.com.ve | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:42.350594997 CET | 192.168.1.12 | 8.8.8.8 | 0x5db6 | Standard query (0) | sdwempsovemtr.yt | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:43.247621059 CET | 192.168.1.12 | 8.8.8.8 | 0x9a05 | Standard query (0) | kpybuhnosdrm.in | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:06.847500086 CET | 192.168.1.12 | 8.8.8.8 | 0xd34a | Standard query (0) | xfyubqmldwvuyar.yt | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:31.537528992 CET | 192.168.1.12 | 8.8.8.8 | 0x17ce | Standard query (0) | luvenxj.uk | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:54.883810997 CET | 192.168.1.12 | 8.8.8.8 | 0xe729 | Standard query (0) | dkoipg.pw | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 17, 2016 12:54:06.091500998 CET | 8.8.8.8 | 192.168.1.12 | 0x27b0 | No error (0) | www.jesusdenazaret.com.ve | | 190.9.32.8 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:09.678275108 CET | 8.8.8.8 | 192.168.1.12 | 0x27b0 | No error (0) | www.jesusdenazaret.com.ve | | 190.9.32.8 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:12.698214054 CET | 8.8.8.8 | 192.168.1.12 | 0x27b0 | No error (0) | www.jesusdenazaret.com.ve | | 190.9.32.8 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:43.227881908 CET | 8.8.8.8 | 192.168.1.12 | 0x5db6 | Name error (3) | sdwempsovemtr.yt | none | none | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:54:43.458369970 CET | 8.8.8.8 | 192.168.1.12 | 0x9a05 | No error (0) | kpybuhnosdrm.in | | 195.22.28.198 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:07.184935093 CET | 8.8.8.8 | 192.168.1.12 | 0xd34a | No error (0) | xfyubqmldwvuyar.yt | | 104.238.173.18 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:31.816312075 CET | 8.8.8.8 | 192.168.1.12 | 0x17ce | No error (0) | luvenxj.uk | | 69.195.129.70 | A (IP address) | IN (0x0001) |
Feb 17, 2016 12:55:55.099205971 CET | 8.8.8.8 | 192.168.1.12 | 0xe729 | No error (0) | dkoipg.pw | | 85.25.149.246 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
Feb 17, 2016 12:54:06.844310999 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 80 | |
Feb 17, 2016 12:54:06.844316959 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 81 | |
Feb 17, 2016 12:54:06.847234011 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 83 | |
Feb 17, 2016 12:54:06.847249985 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 84 | |
Feb 17, 2016 12:54:06.847256899 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 84 | |
Feb 17, 2016 12:54:06.870809078 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 85 | |
Feb 17, 2016 12:54:06.881247044 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 87 | |
Feb 17, 2016 12:54:06.881484032 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 87 | |
Feb 17, 2016 12:54:06.881625891 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 89 | |
Feb 17, 2016 12:54:06.881640911 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 90 | |
Feb 17, 2016 12:54:06.881788015 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 91 | |
Feb 17, 2016 12:54:06.883065939 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 92 | |
Feb 17, 2016 12:54:06.883085966 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 94 | |
Feb 17, 2016 12:54:06.883093119 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 94 | |
Feb 17, 2016 12:54:06.883306980 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 96 | |
Feb 17, 2016 12:54:06.883320093 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 97 | |
Feb 17, 2016 12:54:06.883328915 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 98 | |
Feb 17, 2016 12:54:06.883526087 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 100 | |
Feb 17, 2016 12:54:06.883537054 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 102 | |
Feb 17, 2016 12:54:06.883548021 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 103 | |
Feb 17, 2016 12:54:06.883750916 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 104 | |
Feb 17, 2016 12:54:06.883764029 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 106 | |
Feb 17, 2016 12:54:06.883919001 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 107 | |
Feb 17, 2016 12:54:06.887444973 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 108 | |
Feb 17, 2016 12:54:06.887459993 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 110 | |
Feb 17, 2016 12:54:06.887466908 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 111 | |
Feb 17, 2016 12:54:06.887681007 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 112 | |
Feb 17, 2016 12:54:06.887693882 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 114 | |
Feb 17, 2016 12:54:06.887862921 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 115 | |
Feb 17, 2016 12:54:06.887883902 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 116 | |
Feb 17, 2016 12:54:06.887898922 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 118 | |
Feb 17, 2016 12:54:06.888209105 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 119 | |
Feb 17, 2016 12:54:07.588088989 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 120 | |
Feb 17, 2016 12:54:07.588376999 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 121 | |
Feb 17, 2016 12:54:07.588392973 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 123 | |
Feb 17, 2016 12:54:07.588406086 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 123 | |
Feb 17, 2016 12:54:07.588977098 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 124 | |
Feb 17, 2016 12:54:07.589001894 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 126 | |
Feb 17, 2016 12:54:07.589010954 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 127 | |
Feb 17, 2016 12:54:07.589019060 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 129 | |
Feb 17, 2016 12:54:07.589126110 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 130 | |
Feb 17, 2016 12:54:07.589145899 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 131 | |
Feb 17, 2016 12:54:07.589534044 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 133 | |
Feb 17, 2016 12:54:07.589548111 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 134 | |
Feb 17, 2016 12:54:07.589557886 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 135 | |
Feb 17, 2016 12:54:07.589692116 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 136 | |
Feb 17, 2016 12:54:07.590038061 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 138 | |
Feb 17, 2016 12:54:07.590050936 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 139 | |
Feb 17, 2016 12:54:07.590058088 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 140 | |
Feb 17, 2016 12:54:07.590544939 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 142 | |
Feb 17, 2016 12:54:07.590559006 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 143 | |
Feb 17, 2016 12:54:07.590565920 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 145 | |
Feb 17, 2016 12:54:07.590574980 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 146 | |
Feb 17, 2016 12:54:07.590679884 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 147 | |
Feb 17, 2016 12:54:07.590881109 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 148 | |
Feb 17, 2016 12:54:07.591026068 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 149 | |
Feb 17, 2016 12:54:07.591038942 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 151 | |
Feb 17, 2016 12:54:07.591145039 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 152 | |
Feb 17, 2016 12:54:07.591182947 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 153 | |
Feb 17, 2016 12:54:07.591732025 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 154 | |
Feb 17, 2016 12:54:07.591747046 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 156 | |
Feb 17, 2016 12:54:07.591754913 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 157 | |
Feb 17, 2016 12:54:07.591763020 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 158 | |
Feb 17, 2016 12:54:07.592181921 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 160 | |
Feb 17, 2016 12:54:07.592195988 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 161 | |
Feb 17, 2016 12:54:07.592210054 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 163 | |
Feb 17, 2016 12:54:07.592439890 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 163 | |
Feb 17, 2016 12:54:07.592602968 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 165 | |
Feb 17, 2016 12:54:07.592618942 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 166 | |
Feb 17, 2016 12:54:07.592632055 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 167 | |
Feb 17, 2016 12:54:07.592777967 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 169 | |
Feb 17, 2016 12:54:07.592895985 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 169 | |
Feb 17, 2016 12:54:07.593007088 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 170 | |
Feb 17, 2016 12:54:07.593106031 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 171 | |
Feb 17, 2016 12:54:07.593312025 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 172 | |
Feb 17, 2016 12:54:07.593324900 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 174 | |
Feb 17, 2016 12:54:07.593436956 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 174 | |
Feb 17, 2016 12:54:07.593626976 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 176 | |
Feb 17, 2016 12:54:07.593641043 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 177 | |
Feb 17, 2016 12:54:07.593732119 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 178 | |
Feb 17, 2016 12:54:07.593983889 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 179 | |
Feb 17, 2016 12:54:07.593998909 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 181 | |
Feb 17, 2016 12:54:07.594088078 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 182 | |
Feb 17, 2016 12:54:07.594337940 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 183 | |
Feb 17, 2016 12:54:07.594352007 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 185 | |
Feb 17, 2016 12:54:07.594444036 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 186 | |
Feb 17, 2016 12:54:07.594746113 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 187 | |
Feb 17, 2016 12:54:07.594760895 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 189 | |
Feb 17, 2016 12:54:07.594770908 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 190 | |
Feb 17, 2016 12:54:07.595035076 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 191 | |
Feb 17, 2016 12:54:07.595048904 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 193 | |
Feb 17, 2016 12:54:07.595207930 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 194 | |
Feb 17, 2016 12:54:07.595493078 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 195 | |
Feb 17, 2016 12:54:07.595503092 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 197 | |
Feb 17, 2016 12:54:07.595518112 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 197 | |
Feb 17, 2016 12:54:07.595731020 CET | 80 | 49177 | 190.9.32.8 | 192.168.1.12 | 199 | |
Feb 17, 2016 12:55:55.103916883 CET | 49181 | 80 | 192.168.1.12 | 85.25.149.246 | 202 | |
Feb 17, 2016 12:55:55.484471083 CET | 80 | 49181 | 85.25.149.246 | 192.168.1.12 | 202 | |
Feb 17, 2016 12:55:55.487229109 CET | 49181 | 80 | 192.168.1.12 | 85.25.149.246 | 203 | |
Feb 17, 2016 12:55:55.636116028 CET | 80 | 49181 | 85.25.149.246 | 192.168.1.12 | 203 | |
Feb 17, 2016 12:55:55.703996897 CET | 80 | 49181 | 85.25.149.246 | 192.168.1.12 | 204 | |
Feb 17, 2016 12:56:09.212443113 CET | 49181 | 80 | 192.168.1.12 | 85.25.149.246 | 205 | |
Feb 17, 2016 12:56:09.357455015 CET | 80 | 49181 | 85.25.149.246 | 192.168.1.12 | 206 | |
Feb 17, 2016 12:56:09.358383894 CET | 49181 | 80 | 192.168.1.12 | 85.25.149.246 | 206 | |
Feb 17, 2016 12:56:09.358539104 CET | 49181 | 80 | 192.168.1.12 | 85.25.149.246 | 207 | |
Feb 17, 2016 12:56:09.618470907 CET | 80 | 49181 | 85.25.149.246 | 192.168.1.12 | 207 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:53:20 |
Start date: | 17/02/2016 |
Path: | C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x30000000 |
File size: | 12047560 bytes |
MD5 hash: | 5FEAF6AB43AA477597F9F8DB0E8CB69C |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:54:00 |
Start date: | 17/02/2016 |
Path: | C:\Users\admin\AppData\Local\Temp\ladybi.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\ladybi.exe |
Imagebase: | 0x400000 |
File size: | 184320 bytes |
MD5 hash: | FB6CA1CD232151D667F6CD2484FEE8C8 |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:55:47 |
Start date: | 17/02/2016 |
Path: | C:\Windows\System32\vssadmin.exe |
Wow64 process (32bit): | false |
Commandline: | vssadmin.exe Delete Shadows /All /Quiet |
Imagebase: | 0x6b0000 |
File size: | 115200 bytes |
MD5 hash: | 6E248A3D528EDE43994457CF417BD665 |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:55:48 |
Start date: | 17/02/2016 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0xf60000 |
File size: | 20992 bytes |
MD5 hash: | 54A47F6B5E09A77E61649109C6A08866 |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 25.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 15% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 16 |
Executed Functions |
---|
Non-executed Functions |
---|