Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | 16.0.0 |
Analysis ID: | 162804 |
Start time: | 12:41:52 |
Joe Sandbox Product: | Cloud |
Start date: | 07.09.2016 |
Overall analysis duration: | 0h 10m 41s |
Report type: | full |
Sample file name: | ms.doc |
Cookbook file name: | defaultwindowsdocumentcookbook.jbs |
Analysis system description: | Windows 7 (Office 2016 v15, Java 1.8.71, Flash 20.0.0.286, Acrobat Reader 11.0.14, Internet Explorer 11, Chrome 48, Firefox 44) |
Number of new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
Detection: | MAL |
Classification: | mal88.evad.expl.winDOC@5/9@9/3 |
HCA Information: |
|
EGA Information: |
|
HDC Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 88 | 0 - 100 | Report FP / FN |
Classification |
---|
Analysis Advice |
---|
Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
Sample sleeps for a long time, analyze it with the 'Bypass long sleeps' cookbook |
Sample tries to load a library which is not present or installed on the analysis machine, update the analysis machine |
Signature Overview |
---|
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to record screenshots |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00234160 |
Software Vulnerabilities: |
---|
Potential document exploit detected (performs DNS queries) |
Source: global traffic | DNS query: |
Potential document exploit detected (performs HTTP gets) |
Source: global traffic | TCP traffic: |
Potential document exploit detected (unknown TCP traffic) |
Source: global traffic | TCP traffic: |
Document exploit detected (process start blacklist hit) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: |
Document exploit detected (drops PE files) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: |
Networking: |
---|
Urls found in memory or binary data |
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE, ms.doc | String found in binary or memory: | ||
Source: WINWORD.EXE, ms.doc | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE, rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: ms.doc | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: |
Downloads files |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: |
Downloads files from webservers via HTTP |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Found strings which match to known social media urls |
Source: rundll32.exe | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: | ||
Source: WINWORD.EXE, ms.doc | String found in binary or memory: | ||
Source: rundll32.exe | String found in binary or memory: |
Performs DNS lookups |
Source: unknown | DNS traffic detected: |
Uses HTTPS |
Source: unknown | Network traffic detected: | ||
Source: unknown | Network traffic detected: | ||
Source: unknown | Network traffic detected: | ||
Source: unknown | Network traffic detected: |
Uses a known web browser user agent for HTTP communication |
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: | ||
Source: global traffic | HTTP traffic detected: |
Boot Survival: |
---|
Creates an autostart registry key |
Source: C:\Windows\System32\rundll32.exe | Registry value created or modified: | ||
Source: C:\Windows\System32\rundll32.exe | Registry value created or modified: |
Persistence and Installation Behavior: |
---|
Drops PE files |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: |
Installs new ROOT certificates |
Source: C:\Windows\System32\rundll32.exe | Registry value created: | ||
Source: C:\Windows\System32\rundll32.exe | Registry value created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C0724C |
Uses code obfuscation techniques (call, push, ret) |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00230A51 |
Document contains an embedded VBA with many string operations indicating source code obfuscation |
Source: ms.doc | Stream path 'Macros/VBA/Module1' : |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_2_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_1_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_002315D0 |
System Summary: |
---|
Checks whether correct version of .NET is installed |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: |
Checks if Microsoft Office is installed |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: |
Uses new MSVCR Dlls |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File opened: |
Classification label |
Source: classification engine | Classification label: |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00230A70 |
Contains functionality to check free disk space |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00232347 |
Contains functionality to enum processes or threads |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00232740 |
Contains functionality to load and extract PE file embedded resources |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07EC0 |
Creates files inside the user directory |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: |
Creates temporary files |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: |
Document contains an OLE Word Document stream indicating a Microsoft Word file |
Source: ms.doc | OLE indicator, Word Document stream: |
Reads ini files |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File read: |
Reads software policies |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: |
Runs a DLL by calling functions |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: |
Spawns processes |
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: | ||
Source: C:\Windows\System32\rundll32.exe | Process created: |
Uses an in-process (OLE) Automation server |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key value queried: |
Document contains embedded VBA macros |
Source: ms.doc | OLE indicator, VBA macros: |
Document contains summary information with irregular field values |
Source: ms.doc | OLE document summary: |
Reads the hosts file |
Source: C:\Windows\System32\rundll32.exe | File read: |
Tries to load missing DLLs |
Source: C:\Windows\System32\rundll32.exe | Section loaded: | ||
Source: C:\Windows\System32\rundll32.exe | Section loaded: | ||
Source: C:\Windows\System32\rundll32.exe | Section loaded: | ||
Source: C:\Windows\System32\rundll32.exe | Section loaded: | ||
Source: C:\Windows\System32\rundll32.exe | Section loaded: | ||
Source: C:\Windows\System32\rundll32.exe | Section loaded: |
Document contains an embedded VBA macro which executes code when the document is opened / closed |
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: |
Document contains an embedded VBA macro which may execute processes |
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: |
Document contains an embedded VBA macro with suspicious strings |
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: | ||
Source: ms.doc | OLE, VBA macro line: |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) |
Source: rundll32.exe | Binary or memory string: | ||
Source: rundll32.exe | Binary or memory string: | ||
Source: rundll32.exe | Binary or memory string: |
Anti Debugging: |
---|
Contains functionality to register its own exception handler |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_2_5ADE2580 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_1_5ADE2580 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_5ADE2580 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_5ADE2570 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_5ADE256D | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07590 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C13870 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C1386C | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00221179 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_002357F0 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_002357EC |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: C:\Windows\System32\rundll32.exe | System information queried: |
Contains functionality to dynamically determine API calls |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C0724C |
Contains functionality to read the PEB |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07EC0 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07F07 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07EC0 |
Enables debug privileges |
Source: C:\Windows\System32\rundll32.exe | Process token adjusted: |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_2_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 3_1_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_5ADE1F27 | |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_002315D0 |
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) |
Source: C:\Windows\System32\rundll32.exe | Window / User API: | ||
Source: C:\Windows\System32\rundll32.exe | Window / User API: | ||
Source: C:\Windows\System32\rundll32.exe | Window / User API: | ||
Source: C:\Windows\System32\rundll32.exe | Window / User API: | ||
Source: C:\Windows\System32\rundll32.exe | Window / User API: |
Found evasive API chain (may stop execution after accessing registry keys) |
Source: C:\Windows\System32\rundll32.exe | Evasive API call chain: | graph_4-27843 |
Found large amount of non-executed APIs |
Source: C:\Windows\System32\rundll32.exe | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\Windows\System32\rundll32.exe TID: 3220 | Thread sleep count: | ||
Source: C:\Windows\System32\rundll32.exe TID: 2288 | Thread sleep count: | ||
Source: C:\Windows\System32\rundll32.exe TID: 3664 | Thread sleep count: | ||
Source: C:\Windows\System32\rundll32.exe TID: 3664 | Thread sleep time: | ||
Source: C:\Windows\System32\rundll32.exe TID: 3652 | Thread sleep count: | ||
Source: C:\Windows\System32\rundll32.exe TID: 3652 | Thread sleep count: | ||
Source: C:\Windows\System32\rundll32.exe TID: 3652 | Thread sleep time: |
Found stalling execution ending in API Sleep call |
Source: C:\Windows\System32\rundll32.exe | Stalling execution: | graph_4-27920 |
Queries sensitive BIOS Information (via WMI, Win32_Bios, often done to detect virtual machines) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: |
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: |
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messages (SetErrorMode) |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: | ||
Source: C:\Windows\System32\rundll32.exe | Process information set: | ||
Source: C:\Windows\System32\rundll32.exe | Process information set: |
Document contains OLE streams with high entropy indicating encrypted embedded content |
Source: ms.doc | Stream path 'Data' entropy: |
Stores large binary data to the registry |
Source: C:\Windows\System32\rundll32.exe | Key value created or modified: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C137C0 |
Contains functionality to query the account / user name |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00233270 |
Contains functionality to query time zone information |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_00232DD0 |
Contains functionality to query windows version |
Source: C:\Windows\System32\rundll32.exe | Code function: | 4_2_63C07EC0 |
Queries the cryptographic machine GUID |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key value queried: |
Queries the volume information (name, serial number etc) of a device |
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: | ||
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Queries volume information: |
Behavior Graph |
---|
Yara Overview |
---|
No Yara matches |
---|
Screenshot |
---|
Startup |
---|
|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
www.diefenbachgymnasium.at | 176.9.16.213 | true |
www.multipassplus.eu | 85.90.53.159 | true |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
8.8.8.8 | United States | 15169 | GoogleInc |
85.90.53.159 | United Kingdom | 39116 | TelehouseInternationalCorporationofEuropeLtd |
176.9.16.213 | Germany | 24940 | HetznerOnlineAG |
Static File Info |
---|
General | |
---|---|
File type: | 0 |
TrID: |
|
File name: | ms.doc |
File size: | 417792 |
MD5: | af0e156bd39be48edd884578616ab153 |
SHA1: | 94c5ca0a2774829df7a98c1d5f05bdf1c4892519 |
SHA256: | f13a11cdbbb30193121b6da215f0792c75945f950ccef7d9be530c25851bd065 |
SHA512: | 099a6c5e7645393286b1d9f6ca8d44321454476202f7c7ede6e6e2301e8150dc5d264a463e5ce5eab59fd307ba5d27208f90d74bc4c91a98baeb427e09754905 |
File Icon |
---|
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1252 |
Title: | Top Risks 2016 |
Subject: | |
Author: | EG_CKupchan |
Keywords: | |
Comments: | |
Template: | Normal.dotm |
Last Saved By: | EG_CKupchan |
Revision Number: | 2 |
Total Edit Time: | 0 |
Create Time: | 2016-08-25 12:39:00 |
Last Saved Time: | 2016-08-25 12:39:00 |
Number of Pages: | 1 |
Number of Words: | 1446 |
Number of Characters: | 8245 |
Creating Application: | Microsoft Office Word |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1252 |
Number of Lines: | 68 |
Number of Paragraphs: | 19 |
Thumbnail Scaling Desired: | False |
Company: | Eurasiagroup.net |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
Streams with VBA |
---|
VBA File Name: Class1.cls, Stream Size: 5637 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/Class1 |
VBA File Name: | Class1.cls |
Stream Size: | 5637 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
VBA File Name: Module1.bas, Stream Size: 82528 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/Module1 |
VBA File Name: | Module1.bas |
Stream Size: | 82528 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
VBA File Name: ThisDocument.cls, Stream Size: 1097 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 1097 |
VBA Code with Deobfuscations |
---|
|
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 121 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 121 |
Entropy: | 4.36374049783 |
Base64 Encoded: | True |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.864029729664 |
Base64 Encoded: | True |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.536766333457 |
Base64 Encoded: | True |
Stream Path: 1Table, File Type: data, Stream Size: 8624 |
---|
General | |
---|---|
Stream Path: | 1Table |
File Type: | data |
Stream Size: | 8624 |
Entropy: | 5.61096276895 |
Base64 Encoded: | True |
Stream Path: Data, File Type: data, Stream Size: 137675 |
---|
General | |
---|---|
Stream Path: | Data |
File Type: | data |
Stream Size: | 137675 |
Entropy: | 7.90682141357 |
Base64 Encoded: | True |
Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 451 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 451 |
Entropy: | 5.29685117534 |
Base64 Encoded: | True |
Data ASCII: | ID="{1D235030-334E-4F53-8ED3-F08A481C027C}"..Document=ThisDocument/&H00000000..Class=Class1..Module=Module1..Name="Project"..HelpContextID="0"..VersionCompatible32="393222000"..CMG="9B9935B42CB82CB82CB82CB8"..DPB="8E8C20C9E04FD250D250D2"..GC="81832F3030303 |
Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 86 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECTwm |
File Type: | data |
Stream Size: | 86 |
Entropy: | 3.33757783544 |
Base64 Encoded: | False |
Data ASCII: | ThisDocument.T.h.i.s.D.o.c.u.m.e.n.t...Class1.C.l.a.s.s.1...Module1.M.o.d.u.l.e.1..... |
Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 4934 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 4934 |
Entropy: | 5.01251614613 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_0, File Type: data, Stream Size: 1238 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1238 |
Entropy: | 4.25650919772 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_1, File Type: data, Stream Size: 110 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 110 |
Entropy: | 2.19841915646 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_2, File Type: data, Stream Size: 220 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 220 |
Entropy: | 2.16227617229 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_3, File Type: data, Stream Size: 66 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 66 |
Entropy: | 1.75895870298 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 601 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 601 |
Entropy: | 6.42123725647 |
Base64 Encoded: | True |
Stream Path: MsoDataStore/ATA\x1964\x206L\x222OU4\x198\x218\x223\x223U\x194\x195WU\x219Q==/Item, File Type: ASCII text, with no line terminators, Stream Size: 252 |
---|
General | |
---|---|
Stream Path: | MsoDataStore/ATA\x1964\x206L\x222OU4\x198\x218\x223\x223U\x194\x195WU\x219Q==/Item |
File Type: | ASCII text, with no line terminators |
Stream Size: | 252 |
Entropy: | 4.97775183557 |
Base64 Encoded: | False |
Data ASCII: | <b:Sources SelectedStyle="\\APASixthEditionOfficeOnline.xsl" StyleName="APA" Version="6" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"></b:Sources> |
Stream Path: MsoDataStore/ATA\x1964\x206L\x222OU4\x198\x218\x223\x223U\x194\x195WU\x219Q==/Properties, File Type: XML document text, Stream Size: 341 |
---|
General | |
---|---|
Stream Path: | MsoDataStore/ATA\x1964\x206L\x222OU4\x198\x218\x223\x223U\x194\x195WU\x219Q==/Properties |
File Type: | XML document text |
Stream Size: | 341 |
Entropy: | 5.26055945721 |
Base64 Encoded: | True |
Data ASCII: | <?xml version="1.0" encoding="UTF-8" standalone="no"?>..<ds:datastoreItem ds:itemID="{7A243001-FEE2-4739-A6EB-FFD48A3594ED}" xmlns:ds="http://schemas.openxmlformats.org/officeDocument/2006/customXml"><ds:schemaRefs><ds:schemaRef ds:uri="http://schemas.open |
Stream Path: WordDocument, File Type: data, Stream Size: 156073 |
---|
General | |
---|---|
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 156073 |
Entropy: | 7.87028968837 |
Base64 Encoded: | True |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 7, 2016 12:48:30.691963911 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:48:30.691970110 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:48:30.692186117 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:48:30.692841053 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:48:30.692857981 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:48:30.693367004 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:48:30.892102957 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:48:31.229574919 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:48:31.267559052 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:31.391961098 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:31.595673084 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:31.595727921 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:31.597006083 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:31.597033978 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:31.597173929 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:31.597255945 CEST | 443 | 49207 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:31.597362995 CEST | 49207 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:34.678656101 CEST | 60494 | 53 | 192.168.1.22 | 8.8.8.8 |
Sep 7, 2016 12:49:35.560075045 CEST | 53 | 60494 | 8.8.8.8 | 192.168.1.22 |
Sep 7, 2016 12:49:35.574203014 CEST | 56568 | 53 | 192.168.1.22 | 8.8.8.8 |
Sep 7, 2016 12:49:36.557745934 CEST | 53 | 56568 | 8.8.8.8 | 192.168.1.22 |
Sep 7, 2016 12:49:36.559885025 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:36.559978008 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:36.560144901 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:36.561003923 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:36.561027050 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.640783072 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.640808105 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.640816927 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.640970945 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:37.641995907 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:37.642023087 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.643307924 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
Sep 7, 2016 12:49:37.666043043 CEST | 49208 | 443 | 192.168.1.22 | 85.90.53.159 |
Sep 7, 2016 12:49:37.703563929 CEST | 443 | 49208 | 85.90.53.159 | 192.168.1.22 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Sep 7, 2016 12:48:28.803469896 CEST | 192.168.1.22 | 8.8.8.8 | cf1a | (Port unreachable) | Destination Unreachable |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 7, 2016 12:46:49.272285938 CEST | 192.168.1.22 | 8.8.8.8 | 0xb2d4 | Standard query (0) | www.diefenbachgymnasium.at | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:46:49.991893053 CEST | 192.168.1.22 | 8.8.8.8 | 0x7f9a | Standard query (0) | www.diefenbachgymnasium.at | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:23.267086983 CEST | 192.168.1.22 | 8.8.8.8 | 0xd841 | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:24.252248049 CEST | 192.168.1.22 | 8.8.8.8 | 0xd841 | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:25.252137899 CEST | 192.168.1.22 | 8.8.8.8 | 0xd841 | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:27.251607895 CEST | 192.168.1.22 | 8.8.8.8 | 0xd841 | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:28.820525885 CEST | 192.168.1.22 | 8.8.8.8 | 0x63fe | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:49:34.678656101 CEST | 192.168.1.22 | 8.8.8.8 | 0x61fb | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:49:35.574203014 CEST | 192.168.1.22 | 8.8.8.8 | 0xd2b6 | Standard query (0) | www.multipassplus.eu | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 7, 2016 12:46:49.952840090 CEST | 8.8.8.8 | 192.168.1.22 | 0xb2d4 | No error (0) | www.diefenbachgymnasium.at | | 176.9.16.213 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:46:50.554362059 CEST | 8.8.8.8 | 192.168.1.22 | 0x7f9a | No error (0) | www.diefenbachgymnasium.at | | 176.9.16.213 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:28.801621914 CEST | 8.8.8.8 | 192.168.1.22 | 0xd841 | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:28.801681042 CEST | 8.8.8.8 | 192.168.1.22 | 0xd841 | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:28.801707983 CEST | 8.8.8.8 | 192.168.1.22 | 0xd841 | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:28.801733017 CEST | 8.8.8.8 | 192.168.1.22 | 0xd841 | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:48:29.553364038 CEST | 8.8.8.8 | 192.168.1.22 | 0x63fe | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:49:35.560075045 CEST | 8.8.8.8 | 192.168.1.22 | 0x61fb | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
Sep 7, 2016 12:49:36.557745934 CEST | 8.8.8.8 | 192.168.1.22 | 0xd2b6 | No error (0) | www.multipassplus.eu | | 85.90.53.159 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
HTTPS Proxied Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header / Data | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
2016-09-07 10:48:31 UTC | 49207 | 443 | 192.168.1.22 | 85.90.53.159 | 0 | |
2016-09-07 10:49:31 UTC | 443 | 49207 | 85.90.53.159 | 192.168.1.22 | 0 | |
2016-09-07 10:49:31 UTC | 443 | 49207 | 85.90.53.159 | 192.168.1.22 | 0 | |
2016-09-07 10:49:37 UTC | 49208 | 443 | 192.168.1.22 | 85.90.53.159 | 0 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:43:01 |
Start date: | 07/09/2016 |
Path: | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x12a0000 |
File size: | 1937600 bytes |
MD5 hash: | 011578BCF2A97BCFF94E13D68FD1B8F1 |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:44:00 |
Start date: | 07/09/2016 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | rundll32.exe C:\Users\paula\AppData\Roaming\Adobe\AIR\azgyrfhy.dat #2 |
Imagebase: | 0x8c0000 |
File size: | 44544 bytes |
MD5 hash: | 51138BEEA3E2C21EC44D0932C71762A8 |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:45:21 |
Start date: | 07/09/2016 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | rundll32 C:\Users\paula\AppData\Roaming\Adobe\AIR\azgyrfhy.dat #2 |
Imagebase: | 0x8c0000 |
File size: | 44544 bytes |
MD5 hash: | 51138BEEA3E2C21EC44D0932C71762A8 |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 8.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 23.5% |
Total number of Nodes: | 170 |
Total number of Limit Nodes: | 1 |
Execution Graph |
---|
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 82.1% |
Signature Coverage: | 27.5% |
Total number of Nodes: | 425 |
Total number of Limit Nodes: | 27 |
Graph
Executed Functions |
---|
Non-executed Functions |
---|