Windows
Analysis Report
PO#4500550389.xla.xlsx
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 6784 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) mshta.exe (PID: 6032 cmdline:
C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) splwow64.exe (PID: 6456 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
EXCEL.EXE (PID: 2376 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P O#45005503 89.xla.xls x" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T09:29:23.704196+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | TCP |
2025-03-17T09:29:30.560221+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | TCP |
2025-03-17T09:29:30.560706+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD00C9763B/\x1Ole' : |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD00C9763A/MBD00320C7F/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33% | Virustotal | Browse | ||
19% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.34 | true | false | high | |
kryx.ru | 188.225.72.170 | true | false | high | |
s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | high | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
198.12.89.24 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
188.225.72.170 | kryx.ru | Russian Federation | 9123 | TIMEWEB-ASRU | false | |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1640393 |
Start date and time: | 2025-03-17 09:27:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PO#4500550389.xla.xlsx |
Detection: | MAL |
Classification: | mal60.expl.winXLSX@6/4@2/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.32.97, 52.1 09.68.129, 23.199.214.10, 217. 20.57.34, 20.189.173.10, 20.42 .73.30, 52.123.130.14, 20.190. 159.64, 4.245.163.56 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, eur.roaming1.liv e.com.akadns.net, fs-wildcard. microsoft.com.edgekey.net, fs- wildcard.microsoft.com.edgekey .net.globalredir.akadns.net, e 16604.dscf.akamaiedge.net, mob ile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skyp e.com, login.live.com, frc-azs c-000.roaming.officeapps.live. com, officeclient.microsoft.co m, ukw-azsc-config.officeapps. live.com, prod.fs.microsoft.co m.akadns.net, c.pki.goog, wu-b -net.trafficmanager.net, ecs.o ffice.com, self-events-data.tr afficmanager.net, fs.microsoft .com, ctldl.windowsupdate.com. delivery.microsoft.com, prod.c onfigsvc1.live.com.akadns.net, self.events.data.microsoft.co m, osiprod-frc-buff-azsc-000.f rancecentral.cloudapp.azure.co m, ctldl.windowsupdate.com, pr od.roaming1.live.com.akadns.ne t, fe3cr.delivery.mp.microsoft .com, config.officeapps.live.c om, onedscolprdwus09.westus.cl oudapp.azure.com, onedscolprde us18.eastus.cloudapp.azure.com , ecs.office.trafficmanager.ne t, e - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
04:29:17 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
198.12.89.24 | Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Cobalt Strike, Snake Keylogger, VIP Keylogger | Browse |
| ||
188.225.72.170 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
kryx.ru | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-0005.dual-s-dc-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Get hash | malicious | Babadeda | Browse |
| |
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer, Xmrig | Browse |
| ||
Get hash | malicious | Stealc, Vidar | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AS-COLOCROSSINGUS | Get hash | malicious | Cobalt Strike, FormBook | Browse |
| |
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | StormKitty | Browse |
| ||
Get hash | malicious | DarkVision Rat | Browse |
| ||
Get hash | malicious | AsyncRAT, DarkVision Rat | Browse |
| ||
Get hash | malicious | Amadey, LummaC Stealer, Stealc, Xmrig | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
TIMEWEB-ASRU | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GhostRat, Mimikatz, Nitol | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Latrodectus, LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 784 |
Entropy (8bit): | 2.7137690747287806 |
Encrypted: | false |
SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
MD5: | 09F73B3902CD3D88E04312787956B654 |
SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.7769794087092887 |
Encrypted: | false |
SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
MD5: | 37BD8218D560948827D3B948CAFA579C |
SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.832961984010229 |
TrID: |
|
File name: | PO#4500550389.xla.xlsx |
File size: | 1'172'480 bytes |
MD5: | f871e42b797cf70e3ee4a79e21f02197 |
SHA1: | b03ebab29eab8c27f1a814494953147a9b90322f |
SHA256: | ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012 |
SHA512: | f641e3a231b6b0896fc35749ddcac371e5d5b46c07b0256eb8bf77d73e63eb149816d274c6b17c263481fbc54993e2b52d029f9fc7ca3f84ccc54043d14b3c76 |
SSDEEP: | 24576:BLA6DHtWjejsk4McupJIwgxIOXR8YhbBWvdp8tLUWBMDcaPFKM:+SaejH4MTpzguM8YkpwLUwhM |
TLSH: | 01450294EFC05A26CA0D02350FE38B5C5A15EEEA5745620F3235BE1D3EB6B3E0B72519 |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-17 02:57:46 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 97 a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 25 5f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 60 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 32 10 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2503503175049815 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . # \\ . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD00C9763A/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 296 |
Entropy: | 3.2973193143624515 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | MBD00C9763A/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 31156 |
Entropy: | 3.1876994904322484 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00320C7F/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00320C7F/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 613686 |
Entropy: | 7.989056691241232 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00321A49/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00321A49/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 13665 |
Entropy: | 7.1661074658165225 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 392615 |
Entropy: | 7.73377528201003 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD00C9763B/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 662 |
Entropy: | 5.089050631517283 |
Base64 Encoded: | False |
Data ASCII: | . . . . C . i x . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . k . r . y . x . . . r . u . / . e . 3 . E . P . l . 0 . ? . & . c . e . r . t . i . f . i . c . a . t . i . o . n . = . e . x . c . l . u . s . i . v . e . & . k . i . t . t . y . = . t . h . i . n . k . a . b . l . e . . . D . A . m w P # . | - . - t # . + E X 3 a R { % . N o J 7 . Q E | . % v ] . . . a l | ! h E d . . z L . . . ; R F . . . . . . . . . . . . . . . . F . . . x . c . q . 0 . h . H . Y . X . 2 . |
Data Raw: | 01 00 00 02 b3 d0 c4 43 90 0f 69 78 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ec 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6b 00 72 00 79 00 78 00 2e 00 72 00 75 00 2f 00 65 00 33 00 45 00 50 00 6c 00 30 00 3f 00 26 00 63 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3d 00 65 00 78 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 96243 |
Entropy: | 7.9920296999361415 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . M q . n 1 . w _ E U ? R . . . d H V . . . $ & } / . . . . . . . . . . w . . . \\ . p . u ^ . . . . ^ Q . & . 1 % g ] A [ g . L O ~ C q . . L H . V F I . j s , . S z i Z a 9 . A $ . J . # . T - # * . G p A . + 4 . . B . . . a . . . . . . = . . . @ . . . . . . / 3 . . . . . 3 . . . . . @ . . . . . W . . . . s a . . . . e . . . m = . . . . P . 9 @ . _ . @ . . . . x . . . . " . . . . . . . . e | . . . j . . . 9 ` 1 . . . . [ . ) . _ A . . . [ ' . . X 1 . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 4d b1 71 1e 6e c0 fc 9d f1 c6 fe a7 e0 92 a5 d5 31 c3 87 77 5f 45 55 3f df 52 0c c8 93 0b 64 48 56 0c 0d d0 af 24 de 26 7d fe 84 84 2f b7 fe e8 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 77 ad e2 00 00 00 5c 00 70 00 75 86 5e 86 d3 93 1d e2 f2 b5 16 d9 b1 91 5e 51 c9 0b 91 26 07 85 31 25 83 67 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 525 |
Entropy: | 5.197714347380842 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 8 F 3 A 6 E 9 F - 1 9 9 F - 4 9 5 E - B 5 F B - B E 8 7 6 4 8 B 0 E 8 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 2 5 0 4 D D 1 0 F D 5 0 F D 5 0 |
Data Raw: | 49 44 3d 22 7b 38 46 33 41 36 45 39 46 2d 31 39 39 46 2d 34 39 35 45 2d 42 35 46 42 2d 42 45 38 37 36 34 38 42 30 45 38 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.992573102057176 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.360492237373647 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e7 1d ef 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T09:29:23.704196+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | TCP |
2025-03-17T09:29:30.560221+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | TCP |
2025-03-17T09:29:30.560706+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | TCP |
- Total Packets: 213
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 09:29:07.357548952 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:07.357589006 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:07.357669115 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:07.357973099 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:07.357985020 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.044223070 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.044364929 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.048297882 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.048314095 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.048563004 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.048612118 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.048952103 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.092334986 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.358814955 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.358877897 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.358885050 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.358935118 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.358961105 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.358999014 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.362670898 CET | 49697 | 443 | 192.168.2.7 | 188.225.72.170 |
Mar 17, 2025 09:29:08.362684011 CET | 443 | 49697 | 188.225.72.170 | 192.168.2.7 |
Mar 17, 2025 09:29:08.364756107 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:29:08.369539022 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Mar 17, 2025 09:29:08.369626045 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:29:08.369787931 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:29:08.374425888 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Mar 17, 2025 09:29:08.853543997 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Mar 17, 2025 09:29:08.853570938 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Mar 17, 2025 09:29:08.853667021 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:29:13.865185022 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Mar 17, 2025 09:29:13.865250111 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:29:22.836024046 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:22.836061954 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:22.836199999 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:22.837202072 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:22.837214947 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.704132080 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.704195976 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.706312895 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.706321001 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.706605911 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.707956076 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.748323917 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.856825113 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.856843948 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.856880903 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.856929064 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.856950998 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.857052088 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.943917990 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.943934917 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.943978071 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.943990946 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.944005013 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.944022894 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.946507931 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.946532011 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.946561098 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.946567059 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:23.946595907 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:23.946609974 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.032828093 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.032847881 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.032896996 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.032911062 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.032938004 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.032949924 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.034174919 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.034198046 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.034245014 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.034250021 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.034281969 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.034302950 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.035115957 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.035140991 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.035196066 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.035202026 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.035250902 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.036130905 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.036149979 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.036183119 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.036189079 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.036222935 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.036236048 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.123402119 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.123420954 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.123467922 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.123477936 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.123528957 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.123569965 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.124241114 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.124257088 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.124324083 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.124329090 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.124418020 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.124831915 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.124849081 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.124911070 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.124917030 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.125026941 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.125415087 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.125430107 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.125484943 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.125490904 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.125581980 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.136719942 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.136745930 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.136778116 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.136785030 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.136800051 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.137001991 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.139905930 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.139925957 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.139969110 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.139974117 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.140002966 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.140022993 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.140171051 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.140189886 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.140242100 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.140245914 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.140352011 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.208482027 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.208499908 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.208561897 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.208587885 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.208719015 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.214297056 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.214313984 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.214353085 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.214360952 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.214406013 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.215065002 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215087891 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215133905 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.215137959 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215163946 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.215178967 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.215188980 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215204000 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215261936 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.215267897 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.215516090 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.216007948 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.216022015 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.216067076 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.216072083 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.216097116 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.216118097 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.217060089 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.217087030 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.217123032 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.217128038 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.217156887 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.217166901 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.217968941 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.217986107 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.218025923 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.218040943 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.218059063 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.218080044 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.218708038 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.218724012 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.218771935 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.218786001 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.218878984 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.304553986 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.304578066 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.304646015 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.304668903 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.304845095 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305094004 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305110931 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305159092 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305167913 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305279016 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305432081 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305444956 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305478096 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305484056 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305509090 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305530071 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305919886 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305942059 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.305979013 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.305985928 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306016922 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306034088 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306305885 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306323051 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306355000 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306360006 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306385040 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306401014 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306785107 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306798935 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306852102 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.306858063 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.306952000 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.307172060 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307188034 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307251930 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.307259083 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307292938 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.307363987 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307380915 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307420015 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.307425976 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.307573080 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395224094 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395239115 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395308018 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395327091 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395437956 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395623922 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395638943 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395684958 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395689964 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395725012 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395796061 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395811081 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395857096 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.395863056 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.395905018 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.396425009 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396440029 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396554947 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.396554947 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.396563053 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396574020 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396593094 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396609068 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.396642923 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.396648884 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.396859884 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397025108 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397041082 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397099972 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397108078 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397164106 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397474051 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397489071 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397536039 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397553921 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397593975 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397859097 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397877932 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397926092 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397934914 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.397965908 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.397984982 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.485901117 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.485918999 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.485960007 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.485974073 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.485995054 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486016035 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486100912 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486120939 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486151934 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486155987 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486186981 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486202955 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486392021 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486407042 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486437082 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486440897 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486485958 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486485958 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486764908 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486780882 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486814976 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.486819029 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.486918926 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487128019 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487143993 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487181902 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487185955 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487200022 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487220049 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487308025 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487323046 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487365007 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487369061 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487394094 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487409115 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487643957 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487658978 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487694979 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487699032 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487746954 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.487974882 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.487988949 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.488018990 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.488023043 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.488050938 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576492071 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576514959 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576564074 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576576948 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576602936 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576620102 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576674938 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576690912 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576723099 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576726913 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.576764107 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.576781988 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577032089 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577049017 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577102900 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577112913 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577220917 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577377081 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577390909 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577435017 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577438116 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577471972 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577682972 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577701092 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577739954 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577744961 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577788115 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.577971935 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.577989101 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578032017 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578035116 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578059912 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578073978 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578201056 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578214884 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578260899 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578264952 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578293085 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578421116 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578437090 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578478098 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.578483105 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.578527927 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667059898 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667078972 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667135000 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667144060 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667171001 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667290926 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667314053 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667351007 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667357922 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667388916 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667403936 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667588949 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667606115 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667632103 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667638063 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667659044 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667674065 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667860985 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667882919 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667913914 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667918921 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.667946100 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.667958975 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668154955 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668171883 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668205023 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668210030 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668231964 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668246984 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668428898 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668443918 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668476105 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668479919 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668503046 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668517113 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668680906 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668697119 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668724060 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668728113 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.668761015 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.668775082 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.669003963 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.669018984 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.669066906 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.669070959 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.669087887 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.669101954 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.757648945 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.757667065 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.757724047 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.757744074 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.757797003 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.757972002 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.757987976 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758035898 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758042097 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758061886 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758095026 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758184910 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758199930 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758259058 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758264065 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758409023 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758513927 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758528948 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758575916 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758582115 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758685112 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758701086 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758716106 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758761883 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758766890 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758867979 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.758943081 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758958101 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.758991003 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.759006023 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.759010077 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.759047985 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.759053946 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.759177923 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.759195089 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:24.759213924 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:24.759224892 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:29.853877068 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.853915930 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:29.853976011 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.880198956 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.880270004 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:29.880333900 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.881174088 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.881189108 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:29.884495974 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:29.884525061 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.559741020 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.560174942 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.560220957 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.560271025 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.560705900 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.560719967 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.561114073 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.561129093 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.561817884 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.561822891 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670190096 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670212030 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670269012 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.670288086 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670522928 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.670522928 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.670531988 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670540094 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.670591116 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.672277927 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.672343016 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:29:30.672951937 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.672952890 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.672952890 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.979197025 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
Mar 17, 2025 09:29:30.979238987 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
Mar 17, 2025 09:30:06.281125069 CET | 49698 | 80 | 192.168.2.7 | 198.12.89.24 |
Mar 17, 2025 09:30:06.285878897 CET | 80 | 49698 | 198.12.89.24 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 09:29:07.261583090 CET | 63063 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 17, 2025 09:29:07.354336023 CET | 53 | 63063 | 1.1.1.1 | 192.168.2.7 |
Mar 17, 2025 09:29:22.696779013 CET | 50365 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 17, 2025 09:29:22.834953070 CET | 53 | 50365 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2025 09:29:07.261583090 CET | 192.168.2.7 | 1.1.1.1 | 0x85e6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 17, 2025 09:29:22.696779013 CET | 192.168.2.7 | 1.1.1.1 | 0x6876 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2025 09:28:18.209204912 CET | 1.1.1.1 | 192.168.2.7 | 0x254a | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:18.209204912 CET | 1.1.1.1 | 192.168.2.7 | 0x254a | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:18.209204912 CET | 1.1.1.1 | 192.168.2.7 | 0x254a | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:18.209204912 CET | 1.1.1.1 | 192.168.2.7 | 0x254a | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 217.20.57.34 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 84.201.210.23 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 217.20.57.20 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 217.20.57.36 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:28:20.020064116 CET | 1.1.1.1 | 192.168.2.7 | 0xa641 | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:07.354336023 CET | 1.1.1.1 | 192.168.2.7 | 0x85e6 | No error (0) | 188.225.72.170 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:22.834953070 CET | 1.1.1.1 | 192.168.2.7 | 0x6876 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:22.834953070 CET | 1.1.1.1 | 192.168.2.7 | 0x6876 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:22.834953070 CET | 1.1.1.1 | 192.168.2.7 | 0x6876 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:22.834953070 CET | 1.1.1.1 | 192.168.2.7 | 0x6876 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:29:22.834953070 CET | 1.1.1.1 | 192.168.2.7 | 0x6876 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49698 | 198.12.89.24 | 80 | 6784 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 17, 2025 09:29:08.369787931 CET | 265 | OUT | |
Mar 17, 2025 09:29:08.853543997 CET | 1236 | IN | |
Mar 17, 2025 09:29:08.853570938 CET | 976 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49697 | 188.225.72.170 | 443 | 6784 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:29:08 UTC | 232 | OUT | |
2025-03-17 08:29:08 UTC | 508 | IN | |
2025-03-17 08:29:08 UTC | 117 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | 6784 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:29:23 UTC | 226 | OUT | |
2025-03-17 08:29:23 UTC | 500 | IN | |
2025-03-17 08:29:23 UTC | 15884 | IN | |
2025-03-17 08:29:23 UTC | 16384 | IN | |
2025-03-17 08:29:23 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN | |
2025-03-17 08:29:24 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | 6784 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:29:30 UTC | 214 | OUT | |
2025-03-17 08:29:30 UTC | 498 | IN | |
2025-03-17 08:29:30 UTC | 204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | 6784 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:29:30 UTC | 214 | OUT | |
2025-03-17 08:29:30 UTC | 522 | IN | |
2025-03-17 08:29:30 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 04:28:14 |
Start date: | 17/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 04:29:08 |
Start date: | 17/03/2025 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 13'312 bytes |
MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 13 |
Start time: | 04:29:17 |
Start date: | 17/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6006a0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 15 |
Start time: | 04:29:26 |
Start date: | 17/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |