Edit tour
Windows
Analysis Report
Purchase Order.xla.xlsx
Overview
General Information
| Sample name: | Purchase Order.xla.xlsx |
| Analysis ID: | 1632081 |
| MD5: | 46ffff470dac9be64706177c35fa4021 |
| SHA1: | 4be5858b3b9cf7fda828a0aa9c517f5fd3c8fc94 |
| SHA256: | e3f2bd2eac9334d540f60520c2623d25630fa6b7f8b52325a31f8fe38b05dbdd |
| Tags: | CVE-2017-0199xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6980 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 5852 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 5116 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase Or der.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:32:46.348749+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49697 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:55.514386+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:55.608322+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49698 | 13.107.246.60 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Memory has grown: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD0029F7FC/\x1Ole' : | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD0029F7FB/Workbook' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 42% | Virustotal | Browse | ||
| 32% | ReversingLabs | Win32.Exploit.CVE-2017-0199 | ||
| 100% | Avira | EXP/CVE-2017-0199.yvyxc |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| link.orai.io | 104.26.1.139 | true | false | high | |
| st3.pro | 5.161.200.29 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.1.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false | |
| 5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1632081 |
| Start date and time: | 2025-03-07 19:30:22 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 21s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Order.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.winXLSX@4/4@3/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SgrmBr oker.exe, conhost.exe, svchost .exe - Excluded IPs from analysis (wh
itelisted): 52.109.28.46, 52.1 09.28.47, 23.199.214.10, 51.13 2.193.105, 20.189.173.3, 52.12 3.129.14, 20.190.159.2 - Excluded domains from analysis
(whitelisted): eur.roaming1.l ive.com.akadns.net, fs-wildcar d.microsoft.com.edgekey.net, f s-wildcard.microsoft.com.edgek ey.net.globalredir.akadns.net, mobile.events.data.microsoft. com, roaming.officeapps.live.c om, dual-s-0005-office.config. skype.com, login.live.com, off iceclient.microsoft.com, prod. fs.microsoft.com.akadns.net, c .pki.goog, ecs.office.com, sel f-events-data.trafficmanager.n et, fs.microsoft.com, prod.con figsvc1.live.com.akadns.net, s elf.events.data.microsoft.com, onedscolprdwus02.westus.cloud app.azure.com, ctldl.windowsup date.com, prod.roaming1.live.c om.akadns.net, osiprod-uks-buf f-azsc-000.uksouth.cloudapp.az ure.com, uks-azsc-000.roaming. officeapps.live.com, onedscolp rduks05.uksouth.cloudapp.azure .com, config.officeapps.live.c om, e16604.f.akamaiedge.net, e cs.office.trafficmanager.net, europe.configsvc1.live.com.aka dns.net, mobile.events.data.tr afficmanager.net, uks-azsc-con fig.officeapps.live.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:32:38 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.1.139 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Hidden Macro 4.0 | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| link.orai.io | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| st3.pro | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.979201229960194 |
| TrID: |
|
| File name: | Purchase Order.xla.xlsx |
| File size: | 1'135'616 bytes |
| MD5: | 46ffff470dac9be64706177c35fa4021 |
| SHA1: | 4be5858b3b9cf7fda828a0aa9c517f5fd3c8fc94 |
| SHA256: | e3f2bd2eac9334d540f60520c2623d25630fa6b7f8b52325a31f8fe38b05dbdd |
| SHA512: | c50ccb00a87eaac33ccbeb72b4524e078d377977dd071c841ca5b99bac61b6917a1ff7913c28cbfe3639e7435ecf23ce1881050baf15faff9ed215f20b626ade |
| SSDEEP: | 24576:ylEXNU2MvJtCZTWsCQRLqWmSi6567FAufv8Si8w9SAuO:lX6rJECsCQRLGIMFAWw8UuO |
| TLSH: | 803523A0BBC1C717C286747595FAD98A0ECCFC12AF51E14BB740779EB631BA2A11311B |
| File Content Preview: | ........................>...............................................................................................................o.......q.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-06 03:52:23 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 48 82 b8 da 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H m . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 48 82 6d 07 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 48 82 aa aa 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H j | . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 48 82 6a 7c 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.3020681057018666 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . 5 * K . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD0029F7FB/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0029F7FB/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 356 |
| Entropy: | 3.4189844832102483 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P r o f o r m a . . . . . H o j a 2 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . d . . . . . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 00 01 00 00 bc 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 |
General | |
| Stream Path: | MBD0029F7FB/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 216 |
| Entropy: | 3.6265508148366 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t M a c i n t o s h E x c e l . . . @ . . . . | . # . @ . . . - ( J . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a8 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 64 00 00 00 0c 00 00 00 88 00 00 00 0d 00 00 00 94 00 00 00 13 00 00 00 a0 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD0029F7FB/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 912898 |
| Entropy: | 7.998690752004616 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . 3 & . ^ 6 8 y \\ F . . * . 7 i Y . . 5 . . k | E : E 5 P u # ~ . . . . . . . . s . . . \\ . p . . B . . L Y U a ^ . . . g m p . K f N m . ) C 3 . d y . . z C 7 , 2 x . 9 R 7 F . ] . z " . ^ . z Y . u 5 6 \\ - X L " B . . . . a . . . J . . . . = . . . R . . . 2 V . . . O . . . b . . . . . L ` . . . . . . . . . . . . . . . . . . . . . . p = . . . 7 { . p 7 | o f W ( @ . . . o % . . . M " . . . . . . . . . . . @ . . . k = 1 . . . ] e l 2 \\ . Y > w a * , . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 1c dc 00 9e 33 d3 26 0a 5e c3 36 38 79 e1 5c 46 b3 05 03 2a 09 37 69 59 19 0e 35 17 0b 6b bf ae ce 7c 45 3a 97 b6 45 35 de 50 97 75 23 7e 0d ac e1 00 02 00 b0 04 c1 00 02 00 b0 73 e2 00 00 00 5c 00 70 00 00 f4 42 dd b9 fc b3 0c e5 4c 59 ae bb 55 61 b7 a4 e5 84 5e b2 d8 18 1f c9 89 b5 89 e8 67 |
General | |
| Stream Path: | MBD0029F7FC/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 862 |
| Entropy: | 5.280886203656377 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . [ : j J . . . . . . . . . . . . . $ . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . b . D . t . O . t . A . ? . & . o . b . i . = . b . o . u . n . d . l . e . s . s . & . d . o . e . = . w . r . o . n . g . & . s . t . r . e . e . t . . . Q B T . . . . U " . % 2 - x . = " K ~ . \\ 6 X . Q . . F C j f } ! 9 . < } _ & ^ 2 . D : V " \\ a ) . n + . ^ . F . . . ; B 4 1 . 6 ` 6 [ C . Q M ; i t E . d d . C . ; . : . } . # . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 5b d9 3a 6a e4 4a ad 1d 00 00 00 00 00 00 00 00 00 00 00 00 24 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 20 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 6f 00 72 00 61 00 69 00 2e 00 69 00 6f 00 2f 00 62 00 44 00 74 00 4f 00 74 00 41 00 3f 00 26 00 6f 00 62 00 69 00 3d 00 62 00 6f 00 75 00 6e 00 64 00 6c 00 65 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 197294 |
| Entropy: | 7.997148841767002 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . P K G 7 . . < e . . . . . d J . 7 0 _ O p . . o % 1 . . . . . . . . . . . % . . . \\ . p . 3 @ ) > M . . h ! . " x K P h 9 q N . / e @ . ; ; + 7 . R , @ 9 . . a | . L . L n z 7 _ q \\ ! v + w ) k + b q . Y 9 : . . " W X c B . . . v a . . . - b . . . = . . . , ' C . . . . . ? . D . . 4 . . . . . . . @ > . . . . . . . . . / . . . o . . . = = . . . N , S N Q e B n @ . . . 5 . . . \\ " . . . . . . . , . . . $ . . . v 1 . . . I O , . e . . # A n $ ' 1 . . . - . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 d3 50 fb e9 4b b6 47 ed 37 f8 98 0d d5 b8 ac 3c 65 1c 0a e2 e6 0b 0d 0b e9 ff f8 64 4a 83 7f f7 37 fd 30 d6 5f 4f cf 70 c8 92 d3 9b 6f d7 25 31 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 25 e2 00 00 00 5c 00 70 00 33 e2 40 99 de 29 3e 86 8b 4d 07 1f 68 21 1e 22 78 ec 4b df 50 68 39 bf 8b 71 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 529 |
| Entropy: | 5.241094844295408 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { E 4 2 4 4 A A 7 - F C 9 A - 4 E 1 E - A 2 1 D - A B D D E C E 8 F C 3 2 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " A 6 A 4 F 6 2 A 0 A D 6 E C D A E |
| Data Raw: | 49 44 3d 22 7b 45 34 32 34 34 41 41 37 2d 46 43 39 41 2d 34 45 31 45 2d 41 32 31 44 2d 41 42 44 44 45 43 45 38 46 43 33 32 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9759068224871146 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.367001240826013 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E . |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 ee a9 e0 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:32:46.348749+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49697 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:55.514386+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49699 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:55.608322+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49698 | 13.107.246.60 | 443 | TCP |
- Total Packets: 222
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:32:27.600521088 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:27.600562096 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:27.600621939 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:27.618510962 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:27.618532896 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:29.842694998 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:29.842787027 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:29.847569942 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:29.847587109 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:29.847826958 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:29.847886086 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:29.848325014 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:29.892328978 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.570429087 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.570522070 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.570557117 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:30.570678949 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:30.574244976 CET | 49694 | 443 | 192.168.2.7 | 104.26.1.139 |
| Mar 7, 2025 19:32:30.574275017 CET | 443 | 49694 | 104.26.1.139 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.591331005 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:30.591381073 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.591516018 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:30.591969967 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:30.591998100 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:32.665946960 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:32.666045904 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:32.673130989 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:32.673151016 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:32.673419952 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:32.673616886 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:32.673966885 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:32.720330000 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:33.159322977 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:33.159409046 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:33.159430027 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.159457922 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.169666052 CET | 49695 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.169687033 CET | 443 | 49695 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:33.170763969 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.170794964 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:33.170885086 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.171274900 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.171287060 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.329755068 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.329899073 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.330681086 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.330681086 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.330712080 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.330769062 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.975795031 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.975853920 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.976751089 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.976804018 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.7 |
| Mar 7, 2025 19:32:35.976933956 CET | 49696 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 7, 2025 19:32:43.619956970 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:43.620001078 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:43.620076895 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:43.620454073 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:43.620488882 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:46.348669052 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:46.348748922 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:46.350647926 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:46.350662947 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:46.350996017 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:46.352710962 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:46.400321007 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.034965038 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.035000086 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.035020113 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.035096884 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.035131931 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.035151005 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.035178900 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.109922886 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.109952927 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.110011101 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.110044003 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.110055923 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.110101938 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.110362053 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.150996923 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.151025057 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.151078939 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.151094913 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.151123047 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.151139975 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.193065882 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.193129063 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.193152905 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.193180084 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.193195105 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.193223953 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.215873003 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.215944052 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.215955019 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.215966940 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.216000080 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.216021061 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.239782095 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.239810944 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.239856005 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.239866972 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.239898920 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.239916086 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.258876085 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.258898973 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.258979082 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.259001017 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.259069920 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.285130978 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.285152912 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.285209894 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.285228014 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.285258055 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.285278082 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.297065020 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.297080040 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.297149897 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.297166109 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.297207117 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.308979988 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.308998108 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.309063911 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.309073925 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.309118986 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.321363926 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.321381092 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.321444035 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.321451902 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.321494102 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.333569050 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.333586931 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.333633900 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.333646059 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.333678007 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.333695889 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.343008995 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.343024969 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.343081951 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.343090057 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.343132019 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.353693008 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.353708029 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.353773117 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.353781939 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.353821993 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.371051073 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.371067047 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.371146917 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.371157885 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.371196985 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.377465010 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.377479076 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.377533913 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.377542973 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.377597094 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.385283947 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.385298967 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.385369062 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.385377884 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.385411978 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.397475958 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.397491932 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.397545099 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.397556067 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.397594929 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.408148050 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.408165932 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.408220053 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.408236027 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.408274889 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.420780897 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.420798063 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.420881987 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.420918941 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.420968056 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.430242062 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.430260897 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.430321932 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.430340052 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.430385113 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.440888882 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.440907955 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.441387892 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.441399097 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.441549063 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.451189041 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.451205969 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.451272011 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.451286077 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.451334000 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.467827082 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.467849016 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.468029976 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.468066931 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.468122959 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.473439932 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.473467112 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.473556995 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.473575115 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.473618031 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.490294933 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.490318060 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.490391970 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.490407944 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.490458965 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.500211000 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.500231981 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.500296116 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.500305891 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.500349998 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.512754917 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.512779951 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.512856007 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.512866020 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.512928963 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.521972895 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.521991014 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.522063017 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.522073030 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.522139072 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.532872915 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.532896996 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.532963037 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.532974958 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.533019066 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.533044100 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.553878069 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.553895950 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.554110050 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.554146051 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.554323912 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.560446978 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.560462952 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.560549974 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.560559988 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.560627937 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.565792084 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.565808058 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.565886021 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.565896034 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.565944910 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.594441891 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.594458103 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.594538927 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.594574928 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.594623089 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.609714031 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.609731913 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.609803915 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.609814882 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.609859943 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.631984949 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.632008076 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.632082939 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.632096052 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.632145882 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.655985117 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.656009912 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.656197071 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.656197071 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.656241894 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.656305075 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.677608967 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.677628994 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.677824020 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.677865982 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.677933931 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.701268911 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.701288939 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.701363087 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.701385021 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.701431990 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.710504055 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.710526943 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.710599899 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.710612059 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.710656881 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.714796066 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.714812040 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.714869976 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.714879990 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.714929104 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.748704910 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.748723030 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.748790979 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.748810053 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.748856068 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.766668081 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.766685963 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.766727924 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.766740084 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.766767025 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.766782999 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.794730902 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.794749975 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.794802904 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.794815063 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.794862032 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.829929113 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.829946041 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.830002069 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.830020905 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.830050945 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.830070019 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.841634989 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.841654062 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.841711044 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.841767073 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.841787100 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.841804028 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.872481108 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.872503996 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.872569084 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.872603893 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.872618914 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.872651100 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.879343033 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.879365921 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.879420996 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.879443884 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.879486084 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.884933949 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.884994984 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.885015965 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.885024071 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.885059118 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.885078907 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.921267986 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.921318054 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.921365976 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.921377897 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.921411037 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.921432972 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.938930035 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.938976049 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.939013004 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.939022064 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.939039946 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.939064980 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.993736982 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.993803024 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.993825912 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.993844032 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.993876934 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.993892908 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.994472980 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.994515896 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.994560957 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.994566917 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.994591951 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.994678974 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.997539997 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.997585058 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.997613907 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.997622013 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:47.997658968 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:47.997684956 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.014147997 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.014225960 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.014234066 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.014251947 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.014286995 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.014307022 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.017501116 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.017563105 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.017569065 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.017585039 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.017623901 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.017638922 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.020989895 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.021034956 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.021061897 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.021069050 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.021110058 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.046257973 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.046319008 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.046339989 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.046345949 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.046389103 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.065457106 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.065507889 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.065534115 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.065542936 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.065617085 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.113766909 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.113812923 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.113854885 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.113893986 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.113913059 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.113939047 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.114563942 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.114607096 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.114639997 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.114655972 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.114675045 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.114701033 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.115540028 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.115582943 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.115603924 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.115609884 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.115650892 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.115664959 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.133882999 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.133932114 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.133960962 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.133968115 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.134007931 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.137022972 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.137090921 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.137096882 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.137120962 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.137156010 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.137171030 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.139678955 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.139724970 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.139748096 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.139754057 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.139786005 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.139817953 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.162295103 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.162343979 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.162487030 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.162487030 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.162520885 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.163336992 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.177114010 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.177169085 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.177197933 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.177205086 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.177372932 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255021095 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255047083 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255109072 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255130053 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255155087 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255183935 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255191088 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255243063 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255534887 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255553961 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:48.255565882 CET | 49697 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.255573034 CET | 443 | 49697 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:51.805422068 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.805526018 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:51.805681944 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.805860996 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.805883884 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:51.806015015 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.806122065 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:51.806191921 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.806418896 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:51.806452036 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.477327108 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.514385939 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:55.514414072 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.515420914 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:55.515439034 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.607263088 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.608321905 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:55.608390093 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:55.609901905 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:55.609931946 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.166482925 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.166559935 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.166770935 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.167844057 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.167875051 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.167887926 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.167895079 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.304116964 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.304142952 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.304208040 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.304461956 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.339452982 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.339453936 CET | 49698 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.339535952 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Mar 7, 2025 19:32:56.339582920 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:32:27.589129925 CET | 55936 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 7, 2025 19:32:27.599291086 CET | 53 | 55936 | 1.1.1.1 | 192.168.2.7 |
| Mar 7, 2025 19:32:30.576334000 CET | 54891 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 7, 2025 19:32:30.590138912 CET | 53 | 54891 | 1.1.1.1 | 192.168.2.7 |
| Mar 7, 2025 19:32:43.575362921 CET | 62635 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 7, 2025 19:32:43.618983984 CET | 53 | 62635 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:32:27.589129925 CET | 192.168.2.7 | 1.1.1.1 | 0xeabe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:32:30.576334000 CET | 192.168.2.7 | 1.1.1.1 | 0xd19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:32:43.575362921 CET | 192.168.2.7 | 1.1.1.1 | 0x1286 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:31:41.878381014 CET | 1.1.1.1 | 192.168.2.7 | 0x57a1 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:31:41.878381014 CET | 1.1.1.1 | 192.168.2.7 | 0x57a1 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:31:41.878381014 CET | 1.1.1.1 | 192.168.2.7 | 0x57a1 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:27.599291086 CET | 1.1.1.1 | 192.168.2.7 | 0xeabe | No error (0) | 104.26.1.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:27.599291086 CET | 1.1.1.1 | 192.168.2.7 | 0xeabe | No error (0) | 104.26.0.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:27.599291086 CET | 1.1.1.1 | 192.168.2.7 | 0xeabe | No error (0) | 172.67.68.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:30.590138912 CET | 1.1.1.1 | 192.168.2.7 | 0xd19 | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:43.618983984 CET | 1.1.1.1 | 192.168.2.7 | 0x1286 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:43.618983984 CET | 1.1.1.1 | 192.168.2.7 | 0x1286 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:43.618983984 CET | 1.1.1.1 | 192.168.2.7 | 0x1286 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:43.618983984 CET | 1.1.1.1 | 192.168.2.7 | 0x1286 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:43.618983984 CET | 1.1.1.1 | 192.168.2.7 | 0x1286 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49694 | 104.26.1.139 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:29 UTC | 228 | OUT | |
| 2025-03-07 18:32:30 UTC | 1047 | IN | |
| 2025-03-07 18:32:30 UTC | 45 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49695 | 5.161.200.29 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:32 UTC | 192 | OUT | |
| 2025-03-07 18:32:33 UTC | 397 | IN | |
| 2025-03-07 18:32:33 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49696 | 5.161.200.29 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:35 UTC | 188 | OUT | |
| 2025-03-07 18:32:35 UTC | 454 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49697 | 13.107.246.60 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:46 UTC | 226 | OUT | |
| 2025-03-07 18:32:47 UTC | 493 | IN | |
| 2025-03-07 18:32:47 UTC | 15891 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN | |
| 2025-03-07 18:32:47 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49699 | 13.107.246.60 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:55 UTC | 214 | OUT | |
| 2025-03-07 18:32:56 UTC | 470 | IN | |
| 2025-03-07 18:32:56 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49698 | 13.107.246.60 | 443 | 6980 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:55 UTC | 214 | OUT | |
| 2025-03-07 18:32:56 UTC | 515 | IN | |
| 2025-03-07 18:32:56 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:31:33 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x390000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 9 |
| Start time: | 13:32:38 |
| Start date: | 07/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff751390000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 13:32:53 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x390000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
