Windows
Analysis Report
Purchase Order.xla.xlsx
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 7148 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) splwow64.exe (PID: 4468 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
EXCEL.EXE (PID: 3652 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase Or der.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T19:32:48.580774+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP |
2025-03-07T19:32:56.829202+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP |
2025-03-07T19:32:56.874999+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD0026E067/\x1Ole' : | ||
Source: | Stream path 'MBD0026E067/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD0026E066/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'Package' entropy: | ||
Source: | Stream path 'MBD0026E066/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
43% | Virustotal | Browse | ||
37% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
100% | Avira | W97M/AVI.Agent.nvusu |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
link.orai.io | 104.26.0.139 | true | false | high | |
st3.pro | 5.161.200.29 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false |
| unknown | |
false | high | ||
false | high | ||
false | high | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false | |
5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1632080 |
Start date and time: | 2025-03-07 19:30:20 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Purchase Order.xla.xlsx |
Detection: | MAL |
Classification: | mal60.winXLSX@4/9@3/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, conhost.exe, svchost.ex e - Excluded IPs from analysis (wh
itelisted): 52.109.76.240, 23. 60.203.209, 52.109.28.47, 20.1 89.173.24, 52.109.32.97, 20.42 .72.131, 52.123.129.14, 20.190 .159.130 - Excluded domains from analysis
(whitelisted): fs-wildcard.mi crosoft.com.edgekey.net, fs-wi ldcard.microsoft.com.edgekey.n et.globalredir.akadns.net, eur .roaming1.live.com.akadns.net, mobile.events.data.microsoft. com, roaming.officeapps.live.c om, dual-s-0005-office.config. skype.com, login.live.com, off iceclient.microsoft.com, prod. fs.microsoft.com.akadns.net, u kw-azsc-config.officeapps.live .com, c.pki.goog, ecs.office.c om, self-events-data.trafficma nager.net, fs.microsoft.com, p rod.configsvc1.live.com.akadns .net, self.events.data.microso ft.com, ctldl.windowsupdate.co m, prod.roaming1.live.com.akad ns.net, osiprod-uks-buff-azsc- 000.uksouth.cloudapp.azure.com , neu-azsc-config.officeapps.l ive.com, uks-azsc-000.roaming. officeapps.live.com, config.of ficeapps.live.com, e16604.f.ak amaiedge.net, onedscolprdeus00 .eastus.cloudapp.azure.com, on edscolprdwus23.westus.cloudapp .azure.com, ecs.office.traffic manager.net, europe.configsvc1 .live.com.akadns.net, mobile.e vents.data.trafficmanager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
13:32:40 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.0.139 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
link.orai.io | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
st3.pro | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 784 |
Entropy (8bit): | 2.7137690747287806 |
Encrypted: | false |
SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
MD5: | 09F73B3902CD3D88E04312787956B654 |
SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1056768 |
Entropy (8bit): | 7.965377006992582 |
Encrypted: | false |
SSDEEP: | 24576:zuCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:sq4bcLY+zg |
MD5: | 5159CB0F8AE2538FEB7A535169339A88 |
SHA1: | D51A02FDD2D7EDEC2D73A853ED42A339814D29FF |
SHA-256: | B3E7FA8416E2F6E8B5019DEE679195325B499C26944173E25A61FE99827AB0C8 |
SHA-512: | 090EFA712CF9D323BD222AAB9433DCD3BAD2A508AAA455102EB48C5BC05121B3DF1CC4F73406B4511CF9D1D68B2AC2614A93BFF33C57A4300EB82AB04BACE2F9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1077248 |
Entropy (8bit): | 7.937097366046363 |
Encrypted: | false |
SSDEEP: | 24576:guCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:/q4bcLY+zg |
MD5: | AA4B54FA8A957960AC89E49DF93B551D |
SHA1: | 4FC8E436DD1AD37D5A139BD0E716389A6144E58E |
SHA-256: | FA3AE06A6F6D3CF594140B7EDC4B44B9C9F55FC8A5107A520C15EE16CAB879AF |
SHA-512: | 17BBC892AB556A8ABA425D070EB08021F761C9B5B0FA18820711C6ABE53E8F0ED1E4DCAC3AC850C864F5BD0A93B1547D5537D02A358EE744BF9FCD3BDBD2CFFC |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1343488 |
Entropy (8bit): | 7.989247598537048 |
Encrypted: | false |
SSDEEP: | 24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA |
MD5: | 8AB286D4DD1C170892739E3102A958D5 |
SHA1: | D70138FD1E50918D6E68E9693EB74CB6FD8716DA |
SHA-256: | 6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B |
SHA-512: | 40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1343488 |
Entropy (8bit): | 7.989247598537048 |
Encrypted: | false |
SSDEEP: | 24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA |
MD5: | 8AB286D4DD1C170892739E3102A958D5 |
SHA1: | D70138FD1E50918D6E68E9693EB74CB6FD8716DA |
SHA-256: | 6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B |
SHA-512: | 40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.610853976637159 |
Encrypted: | false |
SSDEEP: | 3:iXFQLjLlAWFd:97 |
MD5: | CA2C2DB316A89F044206082EEB3A366E |
SHA1: | B1B7DFF94B991B26093AA29BF3793DDE245412E1 |
SHA-256: | 12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7 |
SHA-512: | 66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.980127087808385 |
TrID: |
|
File name: | Purchase Order.xla.xlsx |
File size: | 1'231'360 bytes |
MD5: | dad37e3090b45447788f8175d0d25a67 |
SHA1: | be59341ac2a206ddc30a67bdb8951a792a690b96 |
SHA256: | fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53 |
SHA512: | 7780cef11801ccad2ab86ef47bb2b5d7f48268935a75c36d2fd6dc1e3e08b8fa0fc2a504e5ebe63971bdd73210ed5e54ed6a32f0b6b045f266968be21ad1817c |
SSDEEP: | 24576:xJIwgbtTgdAnIOXR8YhbBWvdp8tLUWBMDcPrhU3Vjo+nQFSMCxpVGWT:xzgZTcM8YkpwLUwhyo+nKSfzVGWT |
TLSH: | 534523E4ED947E02CF4B867A5B4AD41E9427FE4E3349900B3134775A063BA7C46F6A0E |
File Content Preview: | ........................>...............................................................................................................y.......{.............................................................................................................. |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-06 02:58:22 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c da a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c f9 12 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 9c 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 95 85 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.226575879994164 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . C . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD0026E066/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0026E066/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 919251 |
Entropy: | 7.992716595778883 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0026E067/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 984 |
Entropy: | 5.527672040042076 |
Base64 Encoded: | True |
Data ASCII: | . . . . o . 0 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . b . D . t . O . t . A . ? . & . d . i . s . a . s . t . e . r . = . v . o . l . a . t . i . l . e . & . c . h . i . p . m . u . n . k . = . d . i . z . z . y . & . a . l . a . r . m . = . o . b . s . e . r . v . a . n . t . & . t . u . t . u . . . 7 C P . . H . ? . Y . 4 u ? K . D 0 . . n 2 . b [ 2 . K , O . > a a % A . Y P j . @ . g n < . r " K \\ . * ( * . B . |
Data Raw: | 01 00 00 02 83 9a f6 6f da 0f ac 30 00 00 00 00 00 00 00 00 00 00 00 00 9e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 9a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 6f 00 72 00 61 00 69 00 2e 00 69 00 6f 00 2f 00 62 00 44 00 74 00 4f 00 74 00 41 00 3f 00 26 00 64 00 69 00 73 00 61 00 73 00 74 00 65 00 72 00 3d 00 76 00 6f 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 287688 |
Entropy: | 7.998293666295266 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . n A @ . l O 6 o 4 Q * . 1 G y K i T J ( ( Z . . . . . . . . . . . . . . . \\ . p . . 1 . 2 . T . 1 . . k ; ] t . f a . . f , > . m " . ) . z . k + ? ~ ) 6 o . K p . . . b H t O } . . O D + . K B . ; b P B . . . E a . . . j & . . . = . . . . u b T & . . . J ~ % y . . q + . . . : . . . . . . . . . . . . u . . . n . . . K . = . . . . E _ x ; q ) . . @ . . . . . . . . . " . . . ? s . . . . } . . . k . . . $ 1 . . . . + \\ . \\ A 1 { 1 . ; n 2 % D ( 1 . . . 6 |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 e9 e7 0e ff 9c dd 6e 41 40 ae d1 a1 6c 4f 36 6f bc e1 34 b6 c5 f6 f4 51 2a 08 8d 31 47 79 4b 69 fc 54 ca 4a a0 ce 28 cd 28 8b 9e b1 b4 5a d9 8c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 fa 00 e2 00 00 00 5c 00 70 00 06 a7 f3 31 0d 32 96 03 54 c3 db c4 b5 fb 31 1e a1 b1 07 6b 3b 5d f2 74 9d 85 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 525 |
Entropy: | 5.212796843587302 |
Base64 Encoded: | True |
Data ASCII: | I D = " { D B 7 8 F 5 A A - 8 A 4 6 - 4 8 A C - 8 0 7 2 - 6 D 5 1 E 0 9 5 E 4 2 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 7 2 5 C 6 C 4 4 A 4 4 0 8 4 8 0 |
Data Raw: | 49 44 3d 22 7b 44 42 37 38 46 35 41 41 2d 38 41 34 36 2d 34 38 41 43 2d 38 30 37 32 2d 36 44 35 31 45 30 39 35 45 34 32 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.997077137692501 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.3912088754515315 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . u i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 75 9d e0 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T19:32:48.580774+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP |
2025-03-07T19:32:56.829202+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP |
2025-03-07T19:32:56.874999+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP |
- Total Packets: 229
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 19:32:30.582293987 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:30.582335949 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:30.582406044 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:30.585167885 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:30.585189104 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:32.654055119 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:32.654200077 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:32.659343004 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:32.659363985 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:32.659631968 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:32.659799099 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:32.660221100 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:32.704339027 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:33.364924908 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:33.365010023 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:33.365041971 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:33.365077019 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:33.371001959 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
Mar 7, 2025 19:32:33.371031046 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
Mar 7, 2025 19:32:33.393745899 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:33.393794060 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:33.393865108 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:33.394176006 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:33.394192934 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:35.549537897 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:35.549736023 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:35.554924965 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:35.554945946 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:35.555190086 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:35.555247068 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:35.555908918 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:35.600325108 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:36.159265995 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:36.159358978 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:36.159388065 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.159406900 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.168463945 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.168482065 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:36.169502020 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.169545889 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:36.169622898 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.169883966 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:36.169899940 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:38.664824963 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:38.665016890 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:38.666026115 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:38.666042089 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:38.666397095 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:38.666405916 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:39.188796997 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:39.189102888 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:39.190212011 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:39.190285921 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
Mar 7, 2025 19:32:39.190387964 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
Mar 7, 2025 19:32:44.741841078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:44.741899967 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:44.742044926 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:44.742554903 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:44.742571115 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:48.580656052 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:48.580774069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:48.582995892 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:48.583015919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:48.583292961 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:48.585088968 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:48.628320932 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.197467089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.197552919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.197597027 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.197652102 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.197712898 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.197746038 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.197771072 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.275003910 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.275059938 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.275099993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.275135040 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.275165081 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.275187016 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.321484089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.321532011 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.321578026 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.321609020 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.321645021 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.321666956 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.368057013 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.368175030 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.368180990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.368210077 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.368257046 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.368284941 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.411374092 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.411432028 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.411499023 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.411513090 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.411576033 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.459634066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.459667921 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.459729910 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.459747076 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.459793091 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.459817886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.499491930 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.499517918 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.499577045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.499603033 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.499633074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.499644995 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.535857916 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.535880089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.535938978 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.535952091 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.535996914 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.536021948 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.556791067 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.556824923 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.556888103 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.556899071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.556937933 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.556948900 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.575454950 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.575476885 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.575648069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.575660944 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.575822115 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.597084045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.597162008 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.597204924 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.597212076 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.597261906 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.597275019 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.622551918 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.622598886 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.622646093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.622652054 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.622684956 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.622711897 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.648988962 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.649008989 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.649091959 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.649105072 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.649151087 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.663417101 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.663459063 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.663516045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.663522005 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.663544893 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.663633108 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.676944971 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.676986933 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.677046061 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.677062988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.677078009 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.677149057 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.696347952 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.696372032 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.696438074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.696454048 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.696469069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.696495056 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.732765913 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.732784033 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.732853889 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.732868910 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.732914925 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.762032986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.762104034 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.762114048 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.762130022 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.762152910 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.762175083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.792354107 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.792406082 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.792452097 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.792463064 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.792491913 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.792515993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.830184937 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.830230951 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.830279112 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.830286026 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.830327034 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.830349922 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.832401037 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.832461119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.832479954 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.832487106 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.832525015 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.832535028 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.834883928 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.834927082 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.834964037 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.834969997 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.835007906 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.835026026 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.836636066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.836683989 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.836726904 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.836733103 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.836771011 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.836867094 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.841511965 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.841552019 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.841597080 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.841630936 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.841643095 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.841689110 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.865051985 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.865094900 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.865122080 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.865128994 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.865149021 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.865252972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.887991905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.888036013 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.888086081 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.888092041 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.888124943 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.888153076 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.903465986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.903507948 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.903572083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.903578997 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.903615952 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.903639078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.915416956 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.915473938 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.915505886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.915512085 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.915553093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.919544935 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.919615984 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.919677973 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.919684887 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.919707060 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.919727087 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.926697016 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.926740885 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.926826954 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.926837921 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.926938057 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.936542988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.936584949 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.936655045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.936661005 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.936709881 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.951474905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.951523066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.951560020 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.951566935 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.951632977 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.968331099 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.968346119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.968415976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.968435049 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.968477964 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.986605883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.986619949 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.986712933 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:49.986743927 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:49.986845970 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.002871990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.002886057 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.002958059 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.002964973 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.003002882 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.009439945 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.009497881 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.009533882 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.009541035 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.009594917 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.015202999 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.015247107 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.015284061 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.015290022 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.015341997 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.022870064 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.022914886 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.022953033 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.022989035 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.023008108 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.023396015 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.031337023 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.031378984 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.031408072 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.031416893 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.031455994 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.031476974 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.045892000 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.045922041 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.045969009 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.045991898 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.046010017 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.046036959 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.063396931 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.063412905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.063483953 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.063492060 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.063544989 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.093502045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.093523026 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.093591928 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.093609095 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.093650103 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.119930029 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.119951010 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.120001078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.120009899 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.120045900 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.120085001 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.131226063 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.131248951 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.131462097 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.131478071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.131531000 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.136835098 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.136857986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.136917114 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.136924982 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.136964083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.146584034 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.146605968 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.146646976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.146656990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.146703005 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.159174919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.159193993 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.159255981 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.159264088 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.159321070 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.178436995 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.178459883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.178524971 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.178539991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.178567886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.178587914 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.205168962 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.205199003 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.205252886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.205264091 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.205316067 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.263652086 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.263669968 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.263812065 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.263825893 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.263889074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.327124119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.327141047 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.327244997 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.327255011 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.327318907 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.350719929 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.350743055 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.350795984 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.350805044 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.350852966 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.364130020 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.364150047 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.364204884 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.364213943 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.364276886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.382591963 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.382637978 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.382679939 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.382703066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.382725000 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.382745981 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.409749985 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.409768105 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.409838915 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.409848928 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.409889936 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.439655066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.439671040 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.439737082 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.439764977 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.439778090 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.439805031 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.461570024 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.461589098 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.461648941 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.461674929 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.461726904 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.513726950 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.513747931 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.513813972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.513819933 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.513871908 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.571643114 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.571693897 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.571753979 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.571775913 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.571790934 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.571818113 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.585036039 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.585127115 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.585134029 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.585175991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.585196972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.585314989 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.590572119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.590595007 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.590661049 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.590667963 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.590718031 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.600963116 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.600984097 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.601047993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.601053953 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.601272106 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.612685919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.612709045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.612792969 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.612799883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.612994909 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.624425888 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.624445915 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.624525070 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.624530077 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.624667883 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.635632038 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.635653973 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.635726929 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.635749102 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.637559891 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.667654991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.667675972 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.667733908 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.667761087 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.667783976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.667802095 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.711237907 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.711260080 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.711325884 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.711349010 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.711370945 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.711386919 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720472097 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720488071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720518112 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720550060 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720566988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720588923 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720588923 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720633030 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720899105 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720915079 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:50.720925093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:50.720930099 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:54.238257885 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238260984 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238320112 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:54.238322020 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:54.238420010 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238684893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238686085 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238684893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:54.238708019 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:54.238724947 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.828088045 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.829201937 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:56.829235077 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.830249071 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:56.830255032 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.874408007 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.874999046 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:56.875030994 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:56.875875950 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:56.875883102 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.688445091 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.688524008 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.688649893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.690026045 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.690047026 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.690057039 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.690063000 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.693526983 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.693557978 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.693629980 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.693635941 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.693679094 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.693830967 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.693852901 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Mar 7, 2025 19:32:57.693866014 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
Mar 7, 2025 19:32:57.693872929 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 19:32:30.570559978 CET | 56766 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 19:32:30.581379890 CET | 53 | 56766 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 19:32:33.374598980 CET | 62444 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 19:32:33.387696028 CET | 53 | 62444 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 19:32:44.695858002 CET | 52254 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 19:32:44.704216957 CET | 53 | 52254 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 19:32:30.570559978 CET | 192.168.2.6 | 1.1.1.1 | 0x6911 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 19:32:33.374598980 CET | 192.168.2.6 | 1.1.1.1 | 0xf234 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 19:32:44.695858002 CET | 192.168.2.6 | 1.1.1.1 | 0xfdce | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 104.26.0.139 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 172.67.68.60 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 104.26.1.139 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:33.387696028 CET | 1.1.1.1 | 192.168.2.6 | 0xf234 | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49695 | 104.26.0.139 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:32 UTC | 251 | OUT | |
2025-03-07 18:32:33 UTC | 1050 | IN | |
2025-03-07 18:32:33 UTC | 45 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49696 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:35 UTC | 192 | OUT | |
2025-03-07 18:32:36 UTC | 397 | IN | |
2025-03-07 18:32:36 UTC | 38 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49697 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:38 UTC | 188 | OUT | |
2025-03-07 18:32:39 UTC | 454 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:48 UTC | 226 | OUT | |
2025-03-07 18:32:49 UTC | 493 | IN | |
2025-03-07 18:32:49 UTC | 15891 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN | |
2025-03-07 18:32:49 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:56 UTC | 214 | OUT | |
2025-03-07 18:32:57 UTC | 470 | IN | |
2025-03-07 18:32:57 UTC | 204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 18:32:56 UTC | 214 | OUT | |
2025-03-07 18:32:57 UTC | 515 | IN | |
2025-03-07 18:32:57 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 13:31:34 |
Start date: | 07/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xde0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 13:32:40 |
Start date: | 07/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b41c0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 9 |
Start time: | 13:33:02 |
Start date: | 07/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xde0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |