Windows
Analysis Report
ORDER 517-2025.xla.xlsx
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 7144 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) mshta.exe (PID: 1384 cmdline:
C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) splwow64.exe (PID: 1864 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
EXCEL.EXE (PID: 5824 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\O RDER 517-2 025.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-26T08:12:53.394623+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 13.107.246.38 | 443 | TCP |
2025-03-26T08:13:00.433166+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.38 | 443 | TCP |
2025-03-26T08:13:00.433822+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 13.107.246.38 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD00E31B39/\x1Ole' : |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD00E31B38/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
28% | Virustotal | Browse | ||
25% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0010.t-0009.t-msedge.net | 13.107.246.38 | true | false | high | |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
agr.my | 147.79.86.93 | true | false | unknown | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
209.46.124.102 | unknown | United States | 7381 | SRS-6-Z-7381US | false | |
147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false | |
13.107.246.38 | s-part-0010.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1648793 |
Start date and time: | 2025-03-26 08:10:36 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ORDER 517-2025.xla.xlsx |
Detection: | MAL |
Classification: | mal56.expl.winXLSX@6/4@4/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.20.38, 52.1 09.6.63, 184.31.69.3, 199.232. 210.172, 20.52.64.200, 23.204. 23.20, 20.189.173.1, 52.123.12 9.14, 40.126.24.148, 4.175.87. 197 - Excluded domains from analysis
(whitelisted): onedscolprdwus 00.westus.cloudapp.azure.com, slscr.update.microsoft.com, sc us-azsc-config.officeapps.live .com, eus2-azsc-000.roaming.of ficeapps.live.com, fs-wildcard .microsoft.com.edgekey.net, fs -wildcard.microsoft.com.edgeke y.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, on edscolprdgwc02.germanywestcent ral.cloudapp.azure.com, osipro d-eus2-buff-azsc-000.eastus2.c loudapp.azure.com, mobile.even ts.data.microsoft.com, roaming .officeapps.live.com, dual-s-0 005-office.config.skype.com, l ogin.live.com, officeclient.mi crosoft.com, prod.fs.microsoft .com.akadns.net, c.pki.goog, w u-b-net.trafficmanager.net, ec s.office.com, self-events-data .trafficmanager.net, fs.micros oft.com, ctldl.windowsupdate.c om.delivery.microsoft.com, pro d.configsvc1.live.com.akadns.n et, self.events.data.microsoft .com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns .net, fe3cr.delivery.mp.micros oft.com, us1.roaming1.live.com .akadns.net, config.officeapps .live.com, us.configsvc1.live. com. - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
03:12:47 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
209.46.124.102 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
147.79.86.93 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
13.107.246.38 | Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
s-part-0010.t-0009.t-msedge.net | Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, Lokibot | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | Quasar, XWorm | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | CryptOne, LummaC Stealer, Socks5Systemz | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
agr.my | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| ||
SRS-6-Z-7381US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
EKSENBILISIMTR | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gabagool | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | CryptOne, LummaC Stealer, Socks5Systemz | Browse |
| ||
Get hash | malicious | GO Backdoor, LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 784 |
Entropy (8bit): | 2.7137690747287806 |
Encrypted: | false |
SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
MD5: | 09F73B3902CD3D88E04312787956B654 |
SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.7769794087092887 |
Encrypted: | false |
SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
MD5: | 37BD8218D560948827D3B948CAFA579C |
SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.982460847573051 |
TrID: |
|
File name: | ORDER 517-2025.xla.xlsx |
File size: | 1'263'104 bytes |
MD5: | f9137fe9005de451da58b57301dba5b9 |
SHA1: | 5d756a8364f3382703825b71c89247bb2d156f11 |
SHA256: | 32df4f4afa4d06c6096d807535d584556cb7dca6234088299106a93a49a8e4ef |
SHA512: | 7b4e958e45047e28649ccd71f1269207b57f6504841aa1fc0a0e6a5ad63b23a34e1264cdebd94513763808acd9957204dd8ae421d9af2772ade2bdb09872a9f1 |
SSDEEP: | 24576:vk/BbDqMApAUspxvqbY43WZHzn0M9cWNVDfrsnlCdbPusr:vcRwEpxybY43WF0MtDDTMElW |
TLSH: | A14523947B80DF77C9A344BC959B8549811AFC807B59CBA3724A735A78313B0866F38F |
File Content Preview: | ........................>...................................v...................................................................................y.......{...................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-26 04:05:24 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y j s . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 6a 73 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y E . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 45 1d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y $ D . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 24 44 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y P . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 d8 50 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2423021151327975 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . Z L . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD00E31B38/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00E31B38/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 1099182 |
Entropy: | 7.995133395558438 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00E31B39/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 718 |
Entropy: | 5.460169186385878 |
Base64 Encoded: | False |
Data ASCII: | . . . . . W B o . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . m . S . G . a . l . N . ? . & . m . o . r . n . i . n . g . . . & h . > X . F . . . ' N Q C t : { & Y 1 . # . v 3 . } . % . S ` M R . . B . y . 9 6 L . . b a + . 8 . . f n . g . ] & Q f . N / T . V . : < y 2 . . { . O d | . 2 + y . 6 . 0 K L 9 * . . . . . . . . . . . . . . . . z . . . p . l . y . p . V . n . j . O . 9 . P . q . u . Z . C . h . K . N . o . 5 . 2 . H . N . h . F . X |
Data Raw: | 01 00 00 02 ff a1 01 57 42 6f de 0a 00 00 00 00 00 00 00 00 00 00 00 00 f4 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b f0 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 6d 00 53 00 47 00 61 00 6c 00 4e 00 3f 00 26 00 6d 00 6f 00 72 00 6e 00 69 00 6e 00 67 00 00 00 26 68 d3 be 3e 8c 58 1c 20 46 a2 c6 b4 0a 01 27 fa 4e |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 139423 |
Entropy: | 7.995407604620061 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . ^ ` . \\ O # . I U 3 0 G . s Q L j y Z 6 N . \\ N a r B . . . . . . . . . . # . . . \\ . p . | 2 % . K E c ; . 5 . . L . b . . C V 2 O . w J . . & A v W n | . . . b . ? q k . / B r v / d . O + . K @ J B . . . k a . . . . . . . = . . . , 6 . . . . l : w U n . . . . . . . . . . . . . . . . . . . . ( . . . z = . . . 8 . / . @ { . U @ . . . 5 . . . " . . . } . . . . { . . . . . . . 1 . . . . . ? . W z ' X b l , u . 9 a y 1 . . . . 6 T 7 . p U . . h R f ) @ |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 81 5e 60 0a 5c f5 4f 23 1a e3 b9 49 55 33 ba ba f1 e4 30 47 c6 16 73 80 c2 51 4c 6a f7 a0 79 5a bf 81 36 4e 90 0c e9 5c 4e f0 61 c6 ff 72 f2 42 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 de 23 e2 00 00 00 5c 00 70 00 9c cc fa 7c 32 25 1c 4b 9c 45 63 db ff e3 af 3b bd 0d f5 8d 35 89 e4 fb 20 9b |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 533 |
Entropy: | 5.247821152121627 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 6 F D 0 0 2 2 1 - 2 3 5 0 - 4 4 9 5 - A 0 2 D - 9 E 7 1 A B C 7 6 5 6 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " B 7 B 5 1 5 B 8 E B 4 8 D E 4 C D |
Data Raw: | 49 44 3d 22 7b 36 46 44 30 30 32 32 31 2d 32 33 35 30 2d 34 34 39 35 2d 41 30 32 44 2d 39 45 37 31 41 42 43 37 36 35 36 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.988782629455173 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.3538580218673495 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 8 . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 38 0b fb 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-26T08:12:53.394623+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 13.107.246.38 | 443 | TCP |
2025-03-26T08:13:00.433166+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.38 | 443 | TCP |
2025-03-26T08:13:00.433822+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.38 | 443 | TCP |
- Total Packets: 232
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2025 08:12:39.190690994 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.190785885 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:39.190876961 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.191176891 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.191206932 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:39.634906054 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:39.635013103 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.639369011 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.639381886 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:39.639631033 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:39.639700890 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.640178919 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:39.684279919 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:40.104578018 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:40.104662895 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:40.104692936 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:40.104739904 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:40.104799032 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:40.104876041 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:40.110337973 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
Mar 26, 2025 08:12:40.110366106 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
Mar 26, 2025 08:12:40.112782001 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:40.231983900 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
Mar 26, 2025 08:12:40.232070923 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:40.232326984 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:40.350461960 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
Mar 26, 2025 08:12:40.350495100 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
Mar 26, 2025 08:12:40.350720882 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:40.350804090 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
Mar 26, 2025 08:12:40.350862026 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:45.357204914 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
Mar 26, 2025 08:12:45.357280970 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:12:53.111349106 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.111385107 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.111454010 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.112426043 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.112440109 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.394510984 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.394623041 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.396301031 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.396311045 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.396568060 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.397780895 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.444267988 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.683475018 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.683505058 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.683521986 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.683562994 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.683583021 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.683629990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.683629990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.711406946 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.711426973 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.711496115 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.711515903 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.711559057 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.711559057 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.782048941 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.782079935 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.782164097 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.782165051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.782181978 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.782453060 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.804934025 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.804960966 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.805069923 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.805069923 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.805088043 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.805238008 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.820472956 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.820494890 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.820540905 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.820550919 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.820584059 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.820632935 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.878160954 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.878181934 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.878246069 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.878259897 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.879508018 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.903716087 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.903738022 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.903819084 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.903836012 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:53.903851032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:53.903915882 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.037926912 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.037954092 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038001060 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038012981 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038028002 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038048029 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038072109 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038072109 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038088083 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038113117 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038127899 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038127899 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038130045 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038144112 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038165092 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038176060 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038197994 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038223028 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038223028 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038232088 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.038252115 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.038280010 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.084383965 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.084403038 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.084520102 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.084520102 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.084539890 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.084659100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.111601114 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.111632109 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.111757994 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.111757994 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.111785889 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.114675999 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.162060022 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.162080050 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.162142038 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.162158012 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.162303925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.206918001 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.206949949 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.207026958 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.207042933 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.207118988 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.236962080 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.236991882 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.237093925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.237106085 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.237129927 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.237859011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.286076069 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.286103010 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.286153078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.286181927 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.286222935 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.286222935 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.311503887 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.311523914 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.311624050 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.311644077 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.312758923 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.346493006 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.346517086 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.346585035 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.346602917 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.348273993 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.392359972 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.392385006 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.392473936 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.392488003 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.392724991 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.424972057 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.425009966 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.425095081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.425107956 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.425147057 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.425147057 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.463963985 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.463998079 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.464206934 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.464220047 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.464732885 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.495394945 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.495424032 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.495506048 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.495523930 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.496465921 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.528135061 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.528156042 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.528260946 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.528281927 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.528423071 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.564018011 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.564035892 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.564105988 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.564124107 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.564270973 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.595824957 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.595849991 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.595906019 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.595931053 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.596263885 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.623653889 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.623677969 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.623716116 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.623728991 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.623750925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.623759985 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.663012028 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.663034916 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.663084984 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.663090944 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.663126945 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.695945978 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.695967913 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.696022987 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.696028948 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.696057081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.696074963 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.725862026 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.725886106 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.725925922 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.725934982 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.725955963 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.725982904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.763156891 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.763190985 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.763242006 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.763247013 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.763286114 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.786751986 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.786778927 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.786833048 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.786840916 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.786885977 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.821791887 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.821818113 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.821865082 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.821871042 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.821918011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.855465889 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.855490923 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.855552912 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.855559111 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.855608940 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.882302046 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.882322073 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.882371902 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.882376909 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.882426023 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.913306952 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.913331985 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.913374901 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.913379908 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.913440943 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.951752901 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.951781034 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.951831102 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.951845884 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.951889038 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.979367018 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.979393005 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.979434967 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.979448080 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:54.979470968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:54.979487896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.006936073 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.006963015 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.007003069 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.007016897 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.007050991 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.007067919 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.045978069 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.046001911 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.046060085 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.046073914 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.046107054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.069334030 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.069360018 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.069403887 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.069417953 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.069468021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.093151093 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.093177080 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.093210936 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.093225002 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.093245029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.093264103 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.138804913 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.138840914 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.138880014 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.138899088 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.138931990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.138952017 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260024071 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260051966 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260093927 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260116100 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260137081 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260139942 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260163069 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260173082 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260185957 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260191917 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260227919 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260236979 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260262012 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260284901 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260292053 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.260303020 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.260341883 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.263271093 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.263289928 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.263329029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.263343096 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.263367891 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.263386011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.300359964 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.300429106 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.300457001 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.300472975 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.300498962 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.300519943 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.352034092 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.352083921 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.352106094 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.352122068 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.352135897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.352165937 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.388721943 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.388777971 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.388798952 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.388809919 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.388838053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.388851881 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.442804098 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.442866087 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.442893028 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.442903996 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.442929029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.442948103 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.474087000 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.474133015 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.474164009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.474169970 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.474199057 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.474217892 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.528127909 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.528196096 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.528206110 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.528229952 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.528243065 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.528289080 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.568067074 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.568128109 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.568157911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.568169117 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.568201065 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.568227053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.607492924 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.607547045 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.607594967 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.607605934 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.607625961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.607649088 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.653156996 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.653212070 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.653292894 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.653292894 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.653305054 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.653451920 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.766732931 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.766789913 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.766823053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.766830921 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.766886950 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.827750921 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.827814102 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.827914953 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.827915907 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.827918053 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.827951908 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.828003883 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.828003883 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.828006029 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.828032970 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.828078032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.828078032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.858773947 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.858802080 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.858907938 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.858907938 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.858916998 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.858961105 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.925144911 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.925194979 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.925280094 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.925280094 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:55.925288916 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:55.925434113 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.058860064 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.058943987 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.058964014 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.058978081 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.059006929 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.059051991 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.059062958 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.059093952 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.059123039 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.059142113 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.059195995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.059195995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.059202909 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.059351921 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.226135969 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.226162910 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.226201057 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.226205111 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.226222038 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.226242065 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.226243019 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.226270914 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.226556063 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.226562977 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.227047920 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.334284067 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.334312916 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.334425926 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.334425926 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.334440947 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.334825993 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.450032949 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.450062990 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.450179100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.450179100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.450193882 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.450537920 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557138920 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557169914 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557214975 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557233095 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557251930 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557287931 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557450056 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557596922 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557619095 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557698965 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557698965 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:12:56.557708025 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:12:56.557713985 CET | 443 | 49700 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.150660992 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.150703907 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.150974989 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.151371002 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.151379108 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.151380062 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.151427984 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.151492119 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.151617050 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.151631117 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.432461023 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.433166027 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.433181047 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.433482885 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.433821917 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.433854103 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.434560061 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.434581995 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.434721947 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.434748888 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.617794037 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.617825031 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.617883921 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.617883921 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.618026018 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.618252993 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.618275881 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.618304014 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.618310928 CET | 443 | 49701 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.635813951 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.635896921 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.635972023 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.636333942 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.636358976 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:00.636374950 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.38 |
Mar 26, 2025 08:13:00.636383057 CET | 443 | 49702 | 13.107.246.38 | 192.168.2.7 |
Mar 26, 2025 08:13:36.220487118 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:36.548090935 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:37.188719034 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:38.454374075 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:40.985586882 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:46.032517910 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Mar 26, 2025 08:13:56.126231909 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2025 08:12:37.069842100 CET | 58449 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 26, 2025 08:12:38.073703051 CET | 58449 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 26, 2025 08:12:39.073786974 CET | 58449 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 26, 2025 08:12:39.189438105 CET | 53 | 58449 | 1.1.1.1 | 192.168.2.7 |
Mar 26, 2025 08:12:52.969202995 CET | 53455 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 26, 2025 08:12:53.087416887 CET | 53 | 53455 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 26, 2025 08:12:37.069842100 CET | 192.168.2.7 | 1.1.1.1 | 0x397b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2025 08:12:38.073703051 CET | 192.168.2.7 | 1.1.1.1 | 0x397b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2025 08:12:39.073786974 CET | 192.168.2.7 | 1.1.1.1 | 0x397b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 26, 2025 08:12:52.969202995 CET | 192.168.2.7 | 1.1.1.1 | 0xa410 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 26, 2025 08:11:47.936304092 CET | 1.1.1.1 | 192.168.2.7 | 0xc6c1 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2025 08:11:47.936304092 CET | 1.1.1.1 | 192.168.2.7 | 0xc6c1 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2025 08:11:47.936304092 CET | 1.1.1.1 | 192.168.2.7 | 0xc6c1 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2025 08:11:48.372292042 CET | 1.1.1.1 | 192.168.2.7 | 0xa505 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2025 08:11:48.372292042 CET | 1.1.1.1 | 192.168.2.7 | 0xa505 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:39.189438105 CET | 1.1.1.1 | 192.168.2.7 | 0x397b | No error (0) | 147.79.86.93 | A (IP address) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:53.087416887 CET | 1.1.1.1 | 192.168.2.7 | 0xa410 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:53.087416887 CET | 1.1.1.1 | 192.168.2.7 | 0xa410 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:53.087416887 CET | 1.1.1.1 | 192.168.2.7 | 0xa410 | No error (0) | shed.dual-low.s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:53.087416887 CET | 1.1.1.1 | 192.168.2.7 | 0xa410 | No error (0) | s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 26, 2025 08:12:53.087416887 CET | 1.1.1.1 | 192.168.2.7 | 0xa410 | No error (0) | 13.107.246.38 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49698 | 209.46.124.102 | 80 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 26, 2025 08:12:40.232326984 CET | 257 | OUT | |
Mar 26, 2025 08:12:40.350461960 CET | 1254 | IN | |
Mar 26, 2025 08:12:40.350495100 CET | 1254 | IN | |
Mar 26, 2025 08:12:40.350804090 CET | 1038 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49697 | 147.79.86.93 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-26 07:12:39 UTC | 199 | OUT | |
2025-03-26 07:12:40 UTC | 469 | IN | |
2025-03-26 07:12:40 UTC | 109 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49700 | 13.107.246.38 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-26 07:12:53 UTC | 226 | OUT | |
2025-03-26 07:12:53 UTC | 493 | IN | |
2025-03-26 07:12:53 UTC | 15891 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:53 UTC | 16384 | IN | |
2025-03-26 07:12:54 UTC | 16384 | IN | |
2025-03-26 07:12:54 UTC | 16384 | IN | |
2025-03-26 07:12:54 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49701 | 13.107.246.38 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-26 07:13:00 UTC | 214 | OUT | |
2025-03-26 07:13:00 UTC | 515 | IN | |
2025-03-26 07:13:00 UTC | 2128 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49702 | 13.107.246.38 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-26 07:13:00 UTC | 214 | OUT | |
2025-03-26 07:13:00 UTC | 470 | IN | |
2025-03-26 07:13:00 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 03:11:43 |
Start date: | 26/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdc0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 03:12:39 |
Start date: | 26/03/2025 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6b0000 |
File size: | 13'312 bytes |
MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 12 |
Start time: | 03:12:46 |
Start date: | 26/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e5b60000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 03:13:01 |
Start date: | 26/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdc0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |