Edit tour
Windows
Analysis Report
ORDER 517-2025.xla.xlsx
Overview
General Information
| Sample name: | ORDER 517-2025.xla.xlsx |
| Analysis ID: | 1648793 |
| MD5: | f9137fe9005de451da58b57301dba5b9 |
| SHA1: | 5d756a8364f3382703825b71c89247bb2d156f11 |
| SHA256: | 32df4f4afa4d06c6096d807535d584556cb7dca6234088299106a93a49a8e4ef |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7144 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 2104 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 6028 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 1884 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\O RDER 517-2 025.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T08:25:23.557019+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:25:30.070483+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:25:30.075670+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD00E31B39/\x1Ole' : | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00E31B38/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 28% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
| agr.my | 147.79.86.93 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 209.46.124.102 | unknown | United States | 7381 | SRS-6-Z-7381US | false | |
| 147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false | |
| 13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1648793 |
| Start date and time: | 2025-03-26 08:23:12 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 20s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ORDER 517-2025.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.expl.winXLSX@6/4@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.6.53, 23.20 4.23.20, 52.109.8.36, 23.210.7 3.6, 23.210.73.5, 20.189.173.1 0, 52.109.8.89, 20.42.65.88, 5 2.123.128.14, 52.149.20.212, 4 0.126.24.82 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, cus-config.offic eapps.live.com, a767.dspw65.ak amai.net, fs-wildcard.microsof t.com.edgekey.net, fs-wildcard .microsoft.com.edgekey.net.glo balredir.akadns.net, e16604.ds cf.akamaiedge.net, mobile.even ts.data.microsoft.com, roaming .officeapps.live.com, dual-s-0 005-office.config.skype.com, o siprod-cus-buff-azsc-000.centr alus.cloudapp.azure.com, login .live.com, eus2-azsc-config.of ficeapps.live.com, officeclien t.microsoft.com, prod.fs.micro soft.com.akadns.net, c.pki.goo g, wu-b-net.trafficmanager.net , ecs.office.com, self-events- data.trafficmanager.net, fs.mi crosoft.com, ctldl.windowsupda te.com.delivery.microsoft.com, prod.configsvc1.live.com.akad ns.net, self.events.data.micro soft.com, onedscolprdeus08.eas tus.cloudapp.azure.com, ctldl. windowsupdate.com, prod.roamin g1.live.com.akadns.net, cus-az sc-000.roaming.officeapps.live .com, fe3cr.delivery.mp.micros oft.com, download.windowsupdat e.com.edgesuite.net, us1.roami ng1.live.com.akadns.net, confi g.of - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:25:16 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 209.46.124.102 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 147.79.86.93 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| agr.my | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0012.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| SRS-6-Z-7381US | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| EKSENBILISIMTR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Tofsee | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.982460847573051 |
| TrID: |
|
| File name: | ORDER 517-2025.xla.xlsx |
| File size: | 1'263'104 bytes |
| MD5: | f9137fe9005de451da58b57301dba5b9 |
| SHA1: | 5d756a8364f3382703825b71c89247bb2d156f11 |
| SHA256: | 32df4f4afa4d06c6096d807535d584556cb7dca6234088299106a93a49a8e4ef |
| SHA512: | 7b4e958e45047e28649ccd71f1269207b57f6504841aa1fc0a0e6a5ad63b23a34e1264cdebd94513763808acd9957204dd8ae421d9af2772ade2bdb09872a9f1 |
| SSDEEP: | 24576:vk/BbDqMApAUspxvqbY43WZHzn0M9cWNVDfrsnlCdbPusr:vcRwEpxybY43WF0MtDDTMElW |
| TLSH: | A14523947B80DF77C9A344BC959B8549811AFC807B59CBA3724A735A78313B0866F38F |
| File Content Preview: | ........................>...................................v...................................................................................y.......{...................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-26 04:05:24 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y j s . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 6a 73 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y E . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 45 1d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y $ D . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 24 44 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y P . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a7 79 d8 50 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2423021151327975 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . Z L . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00E31B38/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00E31B38/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 1099182 |
| Entropy: | 7.995133395558438 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00E31B39/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 718 |
| Entropy: | 5.460169186385878 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . W B o . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . m . S . G . a . l . N . ? . & . m . o . r . n . i . n . g . . . & h . > X . F . . . ' N Q C t : { & Y 1 . # . v 3 . } . % . S ` M R . . B . y . 9 6 L . . b a + . 8 . . f n . g . ] & Q f . N / T . V . : < y 2 . . { . O d | . 2 + y . 6 . 0 K L 9 * . . . . . . . . . . . . . . . . z . . . p . l . y . p . V . n . j . O . 9 . P . q . u . Z . C . h . K . N . o . 5 . 2 . H . N . h . F . X |
| Data Raw: | 01 00 00 02 ff a1 01 57 42 6f de 0a 00 00 00 00 00 00 00 00 00 00 00 00 f4 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b f0 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 6d 00 53 00 47 00 61 00 6c 00 4e 00 3f 00 26 00 6d 00 6f 00 72 00 6e 00 69 00 6e 00 67 00 00 00 26 68 d3 be 3e 8c 58 1c 20 46 a2 c6 b4 0a 01 27 fa 4e |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 139423 |
| Entropy: | 7.995407604620061 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . ^ ` . \\ O # . I U 3 0 G . s Q L j y Z 6 N . \\ N a r B . . . . . . . . . . # . . . \\ . p . | 2 % . K E c ; . 5 . . L . b . . C V 2 O . w J . . & A v W n | . . . b . ? q k . / B r v / d . O + . K @ J B . . . k a . . . . . . . = . . . , 6 . . . . l : w U n . . . . . . . . . . . . . . . . . . . . ( . . . z = . . . 8 . / . @ { . U @ . . . 5 . . . " . . . } . . . . { . . . . . . . 1 . . . . . ? . W z ' X b l , u . 9 a y 1 . . . . 6 T 7 . p U . . h R f ) @ |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 81 5e 60 0a 5c f5 4f 23 1a e3 b9 49 55 33 ba ba f1 e4 30 47 c6 16 73 80 c2 51 4c 6a f7 a0 79 5a bf 81 36 4e 90 0c e9 5c 4e f0 61 c6 ff 72 f2 42 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 de 23 e2 00 00 00 5c 00 70 00 9c cc fa 7c 32 25 1c 4b 9c 45 63 db ff e3 af 3b bd 0d f5 8d 35 89 e4 fb 20 9b |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 533 |
| Entropy: | 5.247821152121627 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 6 F D 0 0 2 2 1 - 2 3 5 0 - 4 4 9 5 - A 0 2 D - 9 E 7 1 A B C 7 6 5 6 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " B 7 B 5 1 5 B 8 E B 4 8 D E 4 C D |
| Data Raw: | 49 44 3d 22 7b 36 46 44 30 30 32 32 31 2d 32 33 35 30 2d 34 34 39 35 2d 41 30 32 44 2d 39 45 37 31 41 42 43 37 36 35 36 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.988782629455173 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.3538580218673495 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 8 . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 38 0b fb 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T08:25:23.557019+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:25:30.070483+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:25:30.075670+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | TCP |
- Total Packets: 243
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 08:25:07.899190903 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:07.899292946 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:07.899516106 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:07.904292107 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:07.904329062 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.351435900 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.351502895 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.355968952 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.355988026 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.356323004 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.356391907 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.356808901 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.400310993 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.825917959 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.826033115 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.826064110 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.826132059 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.826138973 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.826169968 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.826184988 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.826217890 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.830843925 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:25:08.830869913 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.833010912 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:08.951623917 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
| Mar 26, 2025 08:25:08.951860905 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:08.952158928 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:09.070231915 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
| Mar 26, 2025 08:25:09.070260048 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
| Mar 26, 2025 08:25:09.070281029 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
| Mar 26, 2025 08:25:09.070386887 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:09.070466995 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:14.094264984 CET | 80 | 49698 | 209.46.124.102 | 192.168.2.7 |
| Mar 26, 2025 08:25:14.094341993 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:25:23.259589911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.259639978 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.259721994 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.260184050 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.260195971 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.556907892 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.557018995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.559226036 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.559240103 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.559578896 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.561408043 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.604268074 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.825681925 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.825750113 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.825793028 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.825829983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.825850010 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.825862885 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.825906992 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.856837034 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.856906891 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.856930017 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.856937885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.857018948 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.857018948 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.921633005 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.921679020 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.921768904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.921768904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.921797991 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.922081947 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.939114094 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.939147949 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.939243078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.939265966 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.939429045 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.972206116 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.972239017 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.972296000 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.972318888 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.972347021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:23.972372055 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.024159908 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.024224043 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.024271965 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.024300098 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.024326086 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.024350882 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.053638935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.053668022 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.053752899 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.053788900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.053988934 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.096723080 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.096759081 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.096805096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.096834898 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.096862078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.096889019 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.121368885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.121450901 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.121450901 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.121476889 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.121527910 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.121552944 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.151036024 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.151066065 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.151138067 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.151164055 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.151201010 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.151226044 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.192451000 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.192481995 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.192542076 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.192570925 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.192600012 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.192629099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.220454931 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.220518112 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.220571995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.220602989 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.220622063 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.220639944 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.248449087 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.248481035 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.248542070 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.248569012 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.248615980 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.282493114 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.282546997 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.282604933 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.282620907 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.282665968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.312450886 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.312480927 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.312522888 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.312546968 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.312580109 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.312597036 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.336385965 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.336407900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.336452961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.336469889 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.336489916 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.336507082 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.370307922 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.370348930 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.370388985 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.370414972 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.370430946 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.370450974 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.394529104 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.394552946 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.394602060 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.394619942 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.394654989 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.394671917 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.418816090 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.418857098 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.418886900 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.418896914 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.418950081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.448543072 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.448566914 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.448606014 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.448625088 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.448648930 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.448661089 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.475980043 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.476010084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.476044893 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.476069927 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.476085901 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.476099968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.500500917 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.500533104 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.500577927 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.500602007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.500617027 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.500639915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.528168917 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.528208017 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.528230906 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.528248072 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.528280973 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.528280973 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.559843063 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.559880972 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.559919119 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.559952974 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.559967995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.559988022 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.580118895 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.580156088 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.580216885 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.580236912 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.580267906 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.580286980 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.604393959 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.604418039 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.604460001 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.604477882 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.604499102 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.604518890 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.633446932 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.633476019 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.633516073 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.633528948 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.633558989 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.633577108 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.657896042 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.657936096 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.657965899 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.657977104 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.658004999 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.658021927 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.685986996 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.686021090 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.686057091 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.686083078 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.686100006 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.686228037 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.704385042 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.704411030 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.704451084 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.704457998 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.704514027 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.729367971 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.729392052 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.729425907 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.729432106 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.729466915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.751259089 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.751286983 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.751332998 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.751347065 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.751370907 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.751388073 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.779980898 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.780015945 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.780064106 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.780071020 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.780096054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.780106068 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.798645020 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.798692942 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.798728943 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.798733950 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.798774958 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.821275949 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.821309090 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.821342945 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.821347952 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.821376085 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.821394920 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.840401888 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.840435982 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.840482950 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.840492964 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.840517998 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.840534925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.872797012 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.872828007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.872862101 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.872868061 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.872904062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.888391972 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.888417959 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.888453007 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.888473988 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.888503075 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.888503075 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.911418915 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.911458015 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.911559105 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.911582947 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.912328005 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.932466030 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.932502031 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.932564974 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.932581902 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.932622910 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.955420971 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.955452919 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.955499887 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.955517054 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.955535889 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.955554008 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.977592945 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.977624893 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.977658033 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.977674007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.977696896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.977711916 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.995909929 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.995939970 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.995973110 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:24.995979071 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:24.996020079 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.016424894 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.016458988 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.016503096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.016526937 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.016541958 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.016561985 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.032375097 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.032401085 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.032449961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.032460928 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.032489061 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.032505035 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.056433916 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.056468010 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.056518078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.056545019 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.056565046 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.056581020 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.078149080 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.078176022 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.078227997 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.078264952 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.078279972 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.078421116 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.095247984 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.095278025 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.095324039 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.095335960 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.095362902 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.095377922 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.112341881 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.112375021 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.112410069 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.112426996 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.112448931 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.112467051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.136467934 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.136497021 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.136550903 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.136578083 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.136591911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.136615038 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.152457952 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.152486086 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.152533054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.152566910 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.152585030 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.152600050 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.176780939 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.176810980 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.176853895 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.176877975 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.176899910 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.176915884 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.192159891 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.192181110 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.192223072 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.192270994 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.192308903 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.192331076 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.211101055 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.211124897 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.211173058 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.211208105 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.211225986 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.211240053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.231219053 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.231246948 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.231324911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.231353045 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.231368065 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.231465101 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.245440006 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.245467901 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.245532990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.245564938 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.245594025 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.245727062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.266622066 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.266644955 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.266695976 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.266707897 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.266730070 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.266750097 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.281940937 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.281964064 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.282025099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.282058001 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.282083988 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.282104969 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.302386045 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.302428007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.302474022 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.302506924 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.302520037 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.302567959 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.320662975 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.320739031 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.320774078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.320822954 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.320837021 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.320887089 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.336508036 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.336618900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.336673021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.336694956 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.336725950 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.336863995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.353346109 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.353364944 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.353452921 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.353460073 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.353566885 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.373711109 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.373764992 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.373800039 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.373814106 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.373835087 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.373857975 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.388092041 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.388119936 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.388159037 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.388171911 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.388185024 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.388210058 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.404329062 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.404357910 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.404397964 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.404417038 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.404428959 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.404499054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.421825886 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.421853065 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.421902895 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.421916008 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.421935081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.421952963 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.438108921 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.438138962 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.438200951 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.438209057 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.438239098 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.438261032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.456892967 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.456923008 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.456967115 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.456998110 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.457014084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.457046032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.457106113 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.457216978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.457324982 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.457344055 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:25.457355976 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:25.457364082 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:29.790548086 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.790612936 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:29.790730953 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.790914059 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.790926933 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:29.793488026 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.793525934 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:29.793610096 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.793809891 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:29.793818951 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.069916010 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.070482969 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.070508957 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.071475983 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.071481943 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.075298071 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.075670004 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.075700045 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.076752901 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.076757908 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.252604961 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.252635956 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.252695084 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.252706051 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.252748013 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.253002882 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.253024101 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.253038883 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.253046036 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.256908894 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.257090092 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.257164955 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.257411957 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.257411957 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:25:30.257426977 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:25:30.257435083 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:26:06.686335087 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:06.998692036 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:07.608078003 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:08.811157942 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:11.217420101 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:16.030119896 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Mar 26, 2025 08:26:25.639389038 CET | 49698 | 80 | 192.168.2.7 | 209.46.124.102 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 08:25:07.776308060 CET | 56871 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 08:25:07.895761967 CET | 53 | 56871 | 1.1.1.1 | 192.168.2.7 |
| Mar 26, 2025 08:25:23.161052942 CET | 55165 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 08:25:23.258398056 CET | 53 | 55165 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 08:25:07.776308060 CET | 192.168.2.7 | 1.1.1.1 | 0xfa19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 26, 2025 08:25:23.161052942 CET | 192.168.2.7 | 1.1.1.1 | 0x2f47 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 08:24:18.057040930 CET | 1.1.1.1 | 192.168.2.7 | 0x4281 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:24:18.057040930 CET | 1.1.1.1 | 192.168.2.7 | 0x4281 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:24:18.057040930 CET | 1.1.1.1 | 192.168.2.7 | 0x4281 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:07.895761967 CET | 1.1.1.1 | 192.168.2.7 | 0xfa19 | No error (0) | 147.79.86.93 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:23.258398056 CET | 1.1.1.1 | 192.168.2.7 | 0x2f47 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:23.258398056 CET | 1.1.1.1 | 192.168.2.7 | 0x2f47 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:23.258398056 CET | 1.1.1.1 | 192.168.2.7 | 0x2f47 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:23.258398056 CET | 1.1.1.1 | 192.168.2.7 | 0x2f47 | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:25:23.258398056 CET | 1.1.1.1 | 192.168.2.7 | 0x2f47 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49698 | 209.46.124.102 | 80 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 26, 2025 08:25:08.952158928 CET | 257 | OUT | |
| Mar 26, 2025 08:25:09.070231915 CET | 1254 | IN | |
| Mar 26, 2025 08:25:09.070260048 CET | 1254 | IN | |
| Mar 26, 2025 08:25:09.070281029 CET | 1038 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49697 | 147.79.86.93 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:25:08 UTC | 199 | OUT | |
| 2025-03-26 07:25:08 UTC | 469 | IN | |
| 2025-03-26 07:25:08 UTC | 109 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:25:23 UTC | 226 | OUT | |
| 2025-03-26 07:25:23 UTC | 493 | IN | |
| 2025-03-26 07:25:23 UTC | 15891 | IN | |
| 2025-03-26 07:25:23 UTC | 16384 | IN | |
| 2025-03-26 07:25:23 UTC | 16384 | IN | |
| 2025-03-26 07:25:23 UTC | 16384 | IN | |
| 2025-03-26 07:25:23 UTC | 16384 | IN | |
| 2025-03-26 07:25:24 UTC | 16384 | IN | |
| 2025-03-26 07:25:24 UTC | 16384 | IN | |
| 2025-03-26 07:25:24 UTC | 16384 | IN | |
| 2025-03-26 07:25:24 UTC | 16384 | IN | |
| 2025-03-26 07:25:24 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:25:30 UTC | 214 | OUT | |
| 2025-03-26 07:25:30 UTC | 494 | IN | |
| 2025-03-26 07:25:30 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | 7144 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:25:30 UTC | 214 | OUT | |
| 2025-03-26 07:25:30 UTC | 470 | IN | |
| 2025-03-26 07:25:30 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:24:14 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 03:25:08 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3b0000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 13 |
| Start time: | 03:25:16 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff61a3d0000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 15 |
| Start time: | 03:25:31 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
