Windows
Analysis Report
Bijlage 2 Vragenlijst.xlsx
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
- Sample monitors window changes (e.g. starting applications); analyze the sample with the 'Simulates keyboard and window changes' cookbook
- No malicious behavior found; analyze the document also on other versions of Office / Acrobat
- System is w10x64
- EXCEL.EXE (PID: 1216 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  - splwow64.exe (PID: 5228 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- cleanup
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
There are no malicious signatures.
Source: | File opened: |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic: | ||
Source: | Memory has grown: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Window / User API: |
Source: | Last function: | ||
Source: | Thread delayed: |
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | part-0012.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417448 |
Start date and time: | 2024-03-29 10:21:27 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Bijlage 2 Vragenlijst.xlsx |
Detection: | CLEAN |
Classification: | clean4.winXLSX@3/5@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.113.194.132, 23.221.242.90, 52.109.8.36, 72.21.81.240, 20.189.173.8
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, cus-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdwus07.westus.cloudapp.azure.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, wu-bg-shim.trafficmanager.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.li
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:23:13 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
part-0012.t-0009.t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | TechSupportScam | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse | |
| | Get hash | malicious | DBatLoader, Remcos | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4770 |
Entropy (8bit): | 7.946747821604857 |
Encrypted: | false |
SSDEEP: | 96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m |
MD5: | 1BFE591A4FE3D91B03CDF26EAACD8F89 |
SHA1: | 719C37C320F518AC168C86723724891950911CEA |
SHA-256: | 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8 |
SHA-512: | 02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.1630232436556387 |
Encrypted: | false |
SSDEEP: | 3:kkFkl2PtfllXlE/0htlX16pFRltB+SliQlP8F+RlTRe86A+iRlERMta9b3+AL0Wy:kKuN+SkQlPlEGYRMY9z+s3Ql2DUevat |
MD5: | A03CB2229D0E105B8B2778959BC904C5 |
SHA1: | 57EE9535EF6B80F62C8D71E89F1CDB0319B69903 |
SHA-256: | 6EE74FF142A14A705A89B41E30D57C42B325BFA130EBD16E48C33066A519C793 |
SHA-512: | D374747920E4FD25A8E8BB55ED486F630CC4C6CD555E3A800066210066196C6E659DB3774F6515AF858C400BAC90C81BF834FF4BFDF542C9310F2ABC29228A73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.1464700112623651 |
Encrypted: | false |
SSDEEP: | 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X |
MD5: | 72F5C05B7EA8DD6059BF59F50B22DF33 |
SHA1: | D5AF52E129E15E3A34772806F6C5FBF132E7408E |
SHA-256: | 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164 |
SHA-512: | 6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.5231029153786204 |
Encrypted: | false |
SSDEEP: | 3:sYp5lFltt:sYp5Nv |
MD5: | B77267835A6BEAC785C351BDE8E1A61C |
SHA1: | FABD93A92989535D43233E3DB9C6579D8174740E |
SHA-256: | 3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3 |
SHA-512: | FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.108971734911262 |
TrID: | |
File name: | Bijlage 2 Vragenlijst.xlsx |
File size: | 23'829 bytes |
MD5: | fd2cb6ad9501c1a33d41c48e6e0d29c7 |
SHA1: | f97c475da86fc2a88211e5f4813ce19d0cadf54b |
SHA256: | 4d75da97852c7a36c17b8dabf791be20e03bfaeb3f47db1309ecef8507dd3f72 |
SHA512: | e190002fb10ee274891ae679ec0a38549ec1f66179deef387ed27aab01749a8c9b5ee9c6497b433e4519c6dc09a363ae9e66bcd7cbf8083f7246d694cb31fa02 |
SSDEEP: | 384:8eikQT/MeC9hRUyuOxriw0kBpBVpV3lyv8J8nhnpv:8RXEfRNkkBpb3lyNnN |
TLSH: | BCB2AE39DD18A858C277667E810D44F33929B282D395AB6F3C94F25D0B90A8F577F2C8 |
File Content Preview: | PK..........!.................[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 10:23:18.568190098 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.568233013 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.568417072 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.568608999 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.568645000 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.568768978 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.568927050 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.568954945 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.569010019 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.569149017 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.569190025 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.569242001 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.569600105 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.569641113 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.569844961 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571302891 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571316004 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.571590900 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571608067 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.571681976 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571692944 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.571719885 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571738005 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.571830988 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.571845055 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.900166035 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.900281906 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.902586937 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.902597904 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.902810097 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.903315067 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.903518915 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.904525995 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.904526949 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.904534101 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.904736996 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.905766964 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.914100885 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.914200068 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.915031910 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.915045023 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.915258884 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.915337086 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.915446043 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.916275978 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.916280031 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.916282892 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.916507959 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.917371988 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.919514894 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.919584990 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.920675993 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.920686960 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.920945883 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.921902895 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:18.952231884 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.952245951 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.960232973 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.960239887 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:18.968225956 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.095771074 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.095990896 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.096101046 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.096486092 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.096498013 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.096532106 CET | 49736 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.096537113 CET | 443 | 49736 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.107445002 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.107477903 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.107609034 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.107748985 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.107763052 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114646912 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114685059 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114708900 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114787102 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114820004 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.114937067 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.114950895 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114974976 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.114974976 CET | 49733 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.114980936 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.114988089 CET | 443 | 49733 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.118907928 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.119163990 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.119260073 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.119323015 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.119323015 CET | 49737 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.119333029 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.119347095 CET | 443 | 49737 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.126102924 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.126130104 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.126259089 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.127155066 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.127168894 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.128356934 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.128380060 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.128427982 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.128513098 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.128513098 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.130225897 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.130253077 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.130657911 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.130821943 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.130847931 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.130886078 CET | 49734 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.130901098 CET | 443 | 49734 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.131946087 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.131954908 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.144701004 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.144718885 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.145092010 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.145148039 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.145154953 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.165999889 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.167450905 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.167624950 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.167624950 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.167660952 CET | 49735 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.167675018 CET | 443 | 49735 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.174509048 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.174539089 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.174962044 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.175054073 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.175072908 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.411408901 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.412240982 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.412261963 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.412882090 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.412889004 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.442997932 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.443437099 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.443480968 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.443494081 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.444143057 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.444165945 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.444478989 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.444483995 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.445410967 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.445416927 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.449839115 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.450242043 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.450264931 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.451055050 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.451061964 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.485167980 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.487315893 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.487315893 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.487344980 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.487371922 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.613784075 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.614032030 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.614166021 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.614166021 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.614743948 CET | 49738 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.614756107 CET | 443 | 49738 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.635957003 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.636189938 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.636553049 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.636553049 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.636723995 CET | 49739 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.636734009 CET | 443 | 49739 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.638411045 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.638740063 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.638808012 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.638856888 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.638856888 CET | 49740 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.638875961 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.638885975 CET | 443 | 49740 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.650685072 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.650969028 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.651070118 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.651070118 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.651103973 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.651118994 CET | 443 | 49741 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.686269045 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.686484098 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Mar 29, 2024 10:23:19.686731100 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.686731100 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.686965942 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.40 |
Mar 29, 2024 10:23:19.686985016 CET | 443 | 49742 | 13.107.246.40 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 10:23:18.566688061 CET | 1.1.1.1 | 192.168.2.5 | 0xd70b | No error (0) | part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 29, 2024 10:23:18.566688061 CET | 1.1.1.1 | 192.168.2.5 | 0xd70b | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 10:23:18.566688061 CET | 1.1.1.1 | 192.168.2.5 | 0xd70b | No error (0) | 13.107.213.40 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49736 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:18 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 513 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49734 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:18 UTC | 208 | OUT | |
2024-03-29 09:23:19 UTC | 638 | IN | |
2024-03-29 09:23:19 UTC | 1523 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49735 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:18 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 525 | IN | |
2024-03-29 09:23:19 UTC | 777 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49733 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:18 UTC | 206 | OUT | |
2024-03-29 09:23:19 UTC | 638 | IN | |
2024-03-29 09:23:19 UTC | 2871 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49737 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:18 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 833 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49738 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:19 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 716 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49740 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:19 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 599 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49739 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:19 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 738 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49741 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:19 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 599 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49742 | 13.107.246.40 | 443 | 1216 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 09:23:19 UTC | 207 | OUT | |
2024-03-29 09:23:19 UTC | 545 | IN | |
2024-03-29 09:23:19 UTC | 611 | IN |
Target ID: | 0 |
Start time: | 10:22:09 |
Start date: | 29/03/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8d0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 6 |
Start time: | 10:23:13 |
Start date: | 29/03/2024 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6365c0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |