Edit tour
Windows
Analysis Report
PURCHASE ORDER 517-2025.xla.xlsx
Overview
General Information
| Sample name: | PURCHASE ORDER 517-2025.xla.xlsx |
| Analysis ID: | 1649448 |
| MD5: | 4d57f2dfe4050bf6605af3c1be23d9e2 |
| SHA1: | db1b4d7cd15f21378a456e7fdf49648b39ba731a |
| SHA256: | 2edf703005001488ac02fe1c1b08784c938d944a5e8dd4345b00ea3d6e7b68f6 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6896 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 7444 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 7536 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 7716 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P URCHASE OR DER 517-20 25.xla.xls x" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T19:48:43.839468+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 13.107.246.41 | 443 | TCP |
| 2025-03-26T19:48:51.583738+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.41 | 443 | TCP |
| 2025-03-26T19:48:51.593285+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 13.107.246.41 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD001A3106/\x1Ole' : | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD001A3105/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 31% | Virustotal | Browse | ||
| 22% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| agr.my | 147.79.86.93 | true | false | high | |
| s-part-0013.t-0009.t-msedge.net | 13.107.246.41 | true | false | high | |
| s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false | |
| 13.107.246.41 | s-part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 172.245.123.32 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1649448 |
| Start date and time: | 2025-03-26 19:46:35 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 13s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | PURCHASE ORDER 517-2025.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.expl.winXLSX@6/4@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.0.91, 23.9. 183.29, 52.109.8.36, 23.210.73 .5, 23.210.73.6, 104.208.16.90 , 20.42.65.89, 52.123.130.14, 20.190.151.6, 20.12.23.50 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, a767.dspw65.akam ai.net, fs-wildcard.microsoft. com.edgekey.net, fs-wildcard.m icrosoft.com.edgekey.net.globa lredir.akadns.net, e16604.dscf .akamaiedge.net, mobile.events .data.microsoft.com, roaming.o fficeapps.live.com, dual-s-000 5-office.config.skype.com, osi prod-cus-buff-azsc-000.central us.cloudapp.azure.com, login.l ive.com, wus-azsc-config.offic eapps.live.com, officeclient.m icrosoft.com, prod.fs.microsof t.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, e cs.office.com, self-events-dat a.trafficmanager.net, fs.micro soft.com, ctldl.windowsupdate. com.delivery.microsoft.com, pr od.configsvc1.live.com.akadns. net, self.events.data.microsof t.com, ctldl.windowsupdate.com , prod.roaming1.live.com.akadn s.net, onedscolprdcus14.centra lus.cloudapp.azure.com, cus-az sc-000.roaming.officeapps.live .com, fe3cr.delivery.mp.micros oft.com, download.windowsupdat e.com.edgesuite.net, us1.roami ng1.live.com.akadns.net, confi g.officeapps.live.com, us.conf igsv - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 14:48:38 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 147.79.86.93 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.41 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 172.245.123.32 | Get hash | malicious | Cobalt Strike, FormBook | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-dc-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0013.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | EvilProxy, HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| agr.my | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| EKSENBILISIMTR | Get hash | malicious | Captcha Phish | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AS-COLOCROSSINGUS | Get hash | malicious | Amadey, Credential Flusher, Healer AV Disabler, LummaC Stealer, Stealc, Vidar | Browse |
| |
| Get hash | malicious | Amadey, DarkVision Rat, LummaC Stealer | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool, Amadey, DarkVision Rat, LummaC Stealer | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Cobalt Strike, AgentTesla | Browse |
| ||
| Get hash | malicious | DarkVision Rat | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.975743789189764 |
| TrID: |
|
| File name: | PURCHASE ORDER 517-2025.xla.xlsx |
| File size: | 1'064'448 bytes |
| MD5: | 4d57f2dfe4050bf6605af3c1be23d9e2 |
| SHA1: | db1b4d7cd15f21378a456e7fdf49648b39ba731a |
| SHA256: | 2edf703005001488ac02fe1c1b08784c938d944a5e8dd4345b00ea3d6e7b68f6 |
| SHA512: | cb144e71faf5ef0582c4dcddf89cd0e4f264b3a6953309fd3d0e3294bbf3d8b45970c0a2362216f4acbf520e1a4647eb4b30bd4d7d94eb567c541f55be37e1cd |
| SSDEEP: | 24576:zJIwgAIb3nOXYXKFlevIBoyK6wueeBbJYvH:zzgh7O7FlegBoy1deCqvH |
| TLSH: | C03523DABE947E53DB0B00B61B86C4AE540B7F9D264CE10B7634734A1537A6E80F583E |
| File Content Preview: | ........................>...................................E...........................................................................h...................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-26 15:55:25 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < ^ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 5e c3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 0b 02 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < s . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c c2 73 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X < _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 58 3c 5f ee 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2920681057018664 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . | g . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD001A3105/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD001A3105/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 943862 |
| Entropy: | 7.993297968973981 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . o ^ . . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 16 6f 5e 0e 16 02 00 00 ce 09 00 00 13 00 cb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD001A3106/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 680 |
| Entropy: | 5.337550112710684 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . t . ~ \\ I * . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . v . J . c . D . 8 . F . ? . & . s . i . l . k . = . e . n . t . h . u . s . i . a . s . t . i . c . . . . m = . V & 2 . G " a . F . . z B v . + \\ 7 d . c . . U . k . O { u . , 8 . K | . s f . . ' . Q \\ . R < . e . J 1 r l m . d h t ! . . c . < . % ) F . w . ` 7 . . . . . . . . . . . . . . . . ^ . . . 6 . e . L . L . y . k . l . c . W . g . Q . b . V . I . v . 9 . O . Q . F . I . |
| Data Raw: | 01 00 00 02 fb 74 b8 18 7e 5c 49 2a 00 00 00 00 00 00 00 00 00 00 00 00 ea 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b e6 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 76 00 4a 00 63 00 44 00 38 00 46 00 3f 00 26 00 73 00 69 00 6c 00 6b 00 3d 00 65 00 6e 00 74 00 68 00 75 00 73 00 69 00 61 00 73 00 74 00 69 00 63 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 97639 |
| Entropy: | 7.992089973780545 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . - j . @ . M . . , K 7 h k o . ] . F ` = . F X . . . . . . . . . . ^ . . . \\ . p . c Q W . . . . E u . . W K g _ T \\ . . . u J U . ! c D } . u d E = D O @ B W ? . . Q I . g } $ . k 9 e . B . . . = I a . . . 9 D . . . = . . . . m 9 . . . P g . X L . i . . . . . . . . H . . . . . . . . d . . . . . . J " = . . . q ? . I ` . ? < / . . @ . . . . . . . . } " . . . . . . . . 9 . . . . 1 ` . . . . 1 . . . | T V \\ L . . { f F . C n } P . 9 1 . . . . Q . . F $ ! |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 2d 84 6a c2 a0 40 b5 d5 bc 4d ca f2 95 01 1d bb f4 b1 ea 2c 9e f4 bb 4b f7 37 b1 a9 68 6b 6f ec f9 1d a2 c4 5d b4 05 46 60 cd 3d 89 ba 00 46 58 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 5e c3 e2 00 00 00 5c 00 70 00 63 ab 51 57 b7 09 a8 04 d1 06 03 ae 45 75 e0 ca 00 99 cd 8b c1 57 ae ed f5 fc |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 525 |
| Entropy: | 5.22950296860598 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { E 1 E B 2 6 F C - B 2 9 9 - 4 2 A 8 - A 1 B E - 7 E 1 6 2 1 5 1 C 0 5 7 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 E 3 C D D C 2 6 7 4 2 4 0 4 6 4 |
| Data Raw: | 49 44 3d 22 7b 45 31 45 42 32 36 46 43 2d 42 32 39 39 2d 34 32 41 38 2d 41 31 42 45 2d 37 45 31 36 32 31 35 31 43 30 35 37 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.994345845099388 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.368451908832245 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E . |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 86 b1 fb 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T19:48:43.839468+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49699 | 13.107.246.41 | 443 | TCP |
| 2025-03-26T19:48:51.583738+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.41 | 443 | TCP |
| 2025-03-26T19:48:51.593285+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.41 | 443 | TCP |
- Total Packets: 203
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 19:48:29.306616068 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.306660891 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.307032108 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.307032108 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.307064056 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.721252918 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.721548080 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.730257988 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.730277061 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.730582952 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.731168985 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.731168985 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:29.772277117 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.160128117 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.160185099 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:30.160208941 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.160222054 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.160250902 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:30.160274982 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:30.185911894 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 19:48:30.185939074 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.194477081 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.293068886 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.293169975 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.293559074 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.395308971 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395324945 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395339012 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395351887 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395391941 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.395394087 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395407915 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395420074 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:30.395441055 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.395459890 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:30.395483017 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:35.409110069 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Mar 26, 2025 19:48:35.409183979 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:48:43.549446106 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.549489021 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.549763918 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.550236940 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.550250053 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.839391947 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.839468002 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.841424942 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.841439962 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.841726065 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.843553066 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:43.884273052 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.111735106 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.111752987 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.111807108 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.111861944 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.111890078 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.111958981 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.111958981 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.134248972 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.134279013 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.134377003 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.134397030 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.134462118 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.201958895 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.201986074 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.202088118 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.202101946 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.202321053 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.220386028 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.220415115 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.220576048 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.220576048 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.220590115 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.220834017 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.242105961 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.242125988 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.242191076 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.242209911 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.242382050 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.297960043 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.297983885 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.298062086 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.298093081 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.298285961 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.327611923 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.327630997 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.327825069 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.327841997 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.328144073 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.352880955 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.352900982 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.352999926 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.353024006 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.353332996 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.394684076 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.394704103 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.394783974 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.394783974 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.394798040 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.395212889 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.423342943 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.423362970 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.423448086 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.423475981 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.423556089 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.452860117 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.452882051 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.453409910 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.453425884 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.453501940 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.489087105 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.489105940 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.489181042 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.489206076 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.489288092 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.517188072 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.517208099 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.517317057 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.517317057 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.517332077 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.517442942 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.540374041 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.540396929 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.540498018 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.540523052 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.540734053 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.575489044 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.575508118 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.575572968 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.575591087 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.575797081 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.576371908 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.603154898 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.603173018 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.603261948 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.603283882 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.603430986 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.625180006 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.625209093 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.625300884 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.625318050 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.625514030 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.652246952 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.652282000 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.652364016 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.652384043 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.652610064 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.682929039 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.682955980 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.683038950 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.683064938 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.684160948 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.709306955 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.709332943 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.709414005 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.709429026 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.709512949 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.709512949 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.733814955 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.733866930 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.733928919 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.733952045 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.734091043 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.761071920 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.761096001 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.761172056 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.761195898 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.761830091 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.787091970 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.787117004 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.787473917 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.787492037 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.787906885 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.815304041 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.815329075 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.815464973 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.815465927 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.815480947 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.815654993 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.838557005 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.838582039 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.838651896 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.838675976 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.838872910 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.861789942 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.861814976 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.861865997 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.861877918 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.861927986 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.883110046 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.883133888 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.883164883 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.883230925 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.883238077 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.883291960 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.913012981 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.913037062 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.913084030 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.913094044 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.913147926 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.934176922 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.934201002 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.934242010 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.934252977 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.934304953 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.956619978 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.956645966 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.956696987 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.956707954 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.956768036 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.981106043 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.981131077 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.981209040 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:44.981219053 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:44.981259108 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.004823923 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.004853964 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.005000114 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.005009890 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.005050898 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.026184082 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.026211023 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.026278019 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.026288986 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.026320934 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.026340008 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.043447018 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.043454885 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.043520927 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.043529987 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.043564081 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.064011097 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.064042091 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.064135075 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.064146042 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.064184904 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.095527887 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.095552921 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.095624924 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.095624924 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.095633030 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.095671892 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.115428925 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.115453959 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.115497112 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.115504026 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.115545988 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.135063887 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.135086060 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.135137081 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.135143995 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.135185003 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.135205030 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.151180983 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.151206970 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.151248932 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.151258945 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.151292086 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.151309967 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.180490971 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.180509090 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.180583000 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.180593967 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.180629015 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.180644035 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.199013948 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.199040890 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.199080944 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.199088097 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.199136972 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.218717098 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.218739033 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.218799114 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.218820095 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.218837976 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.218899012 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.238194942 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.238231897 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.238274097 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.238287926 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.238329887 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.238349915 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.254138947 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.254165888 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.254220963 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.254240990 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.254272938 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.254293919 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.276855946 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.276885033 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.276978016 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.276997089 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.277043104 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.295351982 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.295375109 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.295469046 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.295478106 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.295527935 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.311609030 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.311631918 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.311693907 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.311709881 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.311760902 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.331408978 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.331439018 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.331501007 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.331517935 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.331561089 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.352245092 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.352276087 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.352319002 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.352329969 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.352386951 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.372335911 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.372363091 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.372431040 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.372443914 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.372487068 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.389516115 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.389537096 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.389590979 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.389602900 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.389640093 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.406511068 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.406539917 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.406591892 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.406605959 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.406656027 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.428421021 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.428448915 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.428508043 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.428519011 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.428569078 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.442519903 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.442568064 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.442603111 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.442610979 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.442677021 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.463359118 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.463392019 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.463434935 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.463442087 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.463507891 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.477751970 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.477792025 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.477833986 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.477849960 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.477880955 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.477902889 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.495114088 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.495147943 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.495198965 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.495212078 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.495260000 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.511135101 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.511164904 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.511210918 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.511219978 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.511250019 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.511267900 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.535200119 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.535229921 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.535290003 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.535310030 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.535340071 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.535358906 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.551218987 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.551243067 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.551309109 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.551321983 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.551373959 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.564090014 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.564115047 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.564179897 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.564192057 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.564234972 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.580590963 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.580607891 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.580663919 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.580672026 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.580708981 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.595921993 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.595937967 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.596014977 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.596023083 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.596082926 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.619023085 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.619045973 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.619090080 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.619097948 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.619163036 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.639328003 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.639343977 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.639415026 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.639421940 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.639471054 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.652167082 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.652182102 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.652251005 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.652261019 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.652298927 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.666786909 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.666812897 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.666892052 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.666897058 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.666970015 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.679626942 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.679645061 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.679732084 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.679735899 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.679807901 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.682018995 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.682097912 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.682209969 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.682356119 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.682375908 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:45.682388067 CET | 49699 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:45.682394981 CET | 443 | 49699 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.284827948 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.284881115 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.285063982 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.285409927 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.285423040 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.290868044 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.290901899 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.290992022 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.291224003 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.291235924 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.563186884 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.570760965 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.583738089 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.583776951 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.592462063 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.592485905 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.593285084 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.593308926 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.594703913 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.594708920 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.742324114 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.742995024 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.743088007 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.743213892 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.743231058 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.743247986 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.743253946 CET | 443 | 49701 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.755387068 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.755417109 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.755495071 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.755500078 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.755644083 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.767398119 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.767426014 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:48:51.767456055 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.41 |
| Mar 26, 2025 19:48:51.767468929 CET | 443 | 49702 | 13.107.246.41 | 192.168.2.7 |
| Mar 26, 2025 19:49:27.030004025 CET | 49698 | 80 | 192.168.2.7 | 172.245.123.32 |
| Mar 26, 2025 19:49:27.127535105 CET | 80 | 49698 | 172.245.123.32 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 19:48:11.058974028 CET | 53 | 65115 | 162.159.36.2 | 192.168.2.7 |
| Mar 26, 2025 19:48:29.217129946 CET | 53462 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 19:48:29.305866003 CET | 53 | 53462 | 1.1.1.1 | 192.168.2.7 |
| Mar 26, 2025 19:48:43.459641933 CET | 59190 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 19:48:43.547921896 CET | 53 | 59190 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 19:48:29.217129946 CET | 192.168.2.7 | 1.1.1.1 | 0xc208 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 26, 2025 19:48:43.459641933 CET | 192.168.2.7 | 1.1.1.1 | 0x15d | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 19:47:38.656852961 CET | 1.1.1.1 | 192.168.2.7 | 0x9472 | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:29.305866003 CET | 1.1.1.1 | 192.168.2.7 | 0xc208 | No error (0) | 147.79.86.93 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | shed.dual-low.s-part-0013.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | s-part-0013.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 19:48:43.547921896 CET | 1.1.1.1 | 192.168.2.7 | 0x15d | No error (0) | 13.107.246.41 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49698 | 172.245.123.32 | 80 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 26, 2025 19:48:30.293559074 CET | 251 | OUT | |
| Mar 26, 2025 19:48:30.395308971 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395324945 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395339012 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395351887 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395394087 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395407915 CET | 1031 | IN | |
| Mar 26, 2025 19:48:30.395420074 CET | 228 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49697 | 147.79.86.93 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 18:48:29 UTC | 209 | OUT | |
| 2025-03-26 18:48:30 UTC | 463 | IN | |
| 2025-03-26 18:48:30 UTC | 103 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49699 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 18:48:43 UTC | 226 | OUT | |
| 2025-03-26 18:48:44 UTC | 493 | IN | |
| 2025-03-26 18:48:44 UTC | 15891 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN | |
| 2025-03-26 18:48:44 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49701 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 18:48:51 UTC | 214 | OUT | |
| 2025-03-26 18:48:51 UTC | 470 | IN | |
| 2025-03-26 18:48:51 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49702 | 13.107.246.41 | 443 | 6896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 18:48:51 UTC | 214 | OUT | |
| 2025-03-26 18:48:51 UTC | 515 | IN | |
| 2025-03-26 18:48:51 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 14:47:33 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1d0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 14:48:29 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xdd0000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 13 |
| Start time: | 14:48:38 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff611620000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 15 |
| Start time: | 14:48:48 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1d0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
