Edit tour
Windows
Analysis Report
Purchase Order.xla.xlsx
Overview
General Information
| Sample name: | Purchase Order.xla.xlsx |
| Analysis ID: | 1632080 |
| MD5: | dad37e3090b45447788f8175d0d25a67 |
| SHA1: | be59341ac2a206ddc30a67bdb8951a792a690b96 |
| SHA256: | fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53 |
| Tags: | CVE-2017-0199xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w11x64_office
EXCEL.EXE (PID: 7640 cmdline: "C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" /automatio n -Embeddi ng MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77) 
splwow64.exe (PID: 3536 cmdline: C:\Windows \splwow64. exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
- EXCEL.EXE (PID: 6560 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" "C:\Users\ user\Deskt op\Purchas e Order.xl a.xlsx" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Directory created: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD0026E067/\x1Ole' : | ||
| Source: | Stream path 'MBD0026E067/\x1Ole' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD0026E066/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'Package' entropy: | ||
| Source: | Stream path 'MBD0026E066/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 43% | Virustotal | Browse | ||
| 37% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.nvusu |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.36 | true | false | high | |
| link.orai.io | 104.26.0.139 | true | false | high | |
| st3.pro | 5.161.200.29 | true | false | high | |
| a726.dscd.akamai.net | 2.19.11.111 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false | |
| 5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1632080 |
| Start date and time: | 2025-03-07 19:23:44 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 57s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
| Run name: | Potential for more IOCs and behavior |
| Number of analysed new started processes analysed: | 24 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Order.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.winXLSX@4/14@3/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SecurityHealthHost.exe, dllhost.exe, RuntimeBroker.exe, SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, backgroundTaskHost.exe, sppsvc.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.68.129, 52.109.89.119, 40.79.141.154, 217.20.57.36, 13.89.179.14, 52.123.128.14, 20.190.160.2, 20.12.23.50, 2.19.11.111
- Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, res-1.cdn.office.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, onedscolprdfrc06.francecentral.cloudapp.azure.com, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, assets.msn.com, ecs.office.com, client.wns.windows.com, browser.events.data.msn.cn, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, uci.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, weu-azsc-000.odc.officeapps.live.com, res-stls-prod.edgesuite.net, fe3cr.delivery.mp.microsoft.com, res-prod.trafficmanager.net, config.officeapps.live.com, onedsc
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:26:05 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.0.139 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Metastealer | Browse |
| ||
| Get hash | malicious | AsyncRAT, Batch Injector, VenomRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
| ||
| Get hash | malicious | AsyncRAT, DcRat | Browse |
| ||
| Get hash | malicious | CobaltStrike, Metasploit | Browse |
| ||
| Get hash | malicious | KillMBR | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| link.orai.io | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Metastealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, Batch Injector, VenomRAT | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT, DcRat | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Go Stealer, Skuld Stealer | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 258a5a1e95b8a911872bae9081526644 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Hidden Macro 4.0 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 091f51a7a1c3a4504a224cc081ce9cee | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1741371904129198800_83E386B2-5C9C-4779-9D90-E54D2C78EB0E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 8.112143835430977E-5 |
| Encrypted: | false |
| SSDEEP: | 3:Tuekk9NJtHFfs1XsExe/t:qeVJ8 |
| MD5: | AFDEAC461EEC32D754D8E6017E845D21 |
| SHA1: | 5D0874C19B70638A0737696AEEE55BFCC80D7ED8 |
| SHA-256: | 3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2 |
| SHA-512: | CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1741371904129542400_83E386B2-5C9C-4779-9D90-E54D2C78EB0E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1741371990892645100_2BB7BA75-E205-4045-93E4-09F74107580E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71 |
| Entropy (8bit): | 4.3462513114457515 |
| Encrypted: | false |
| SSDEEP: | 3:Tuekk9NJtHFfs1XsExen:qeVJ8u |
| MD5: | 8F4510F128F81A8BAF2A345D00F7E30C |
| SHA1: | 8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37 |
| SHA-256: | 15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9 |
| SHA-512: | 78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1741371904125551500_83E386B2-5C9C-4779-9D90-E54D2C78EB0E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.21480295828349583 |
| Encrypted: | false |
| SSDEEP: | 1536:RPEUFJhLe8LpfnIYQnDYMKRmX48PDgX/d3qHl3ZeCJoUmSnCeXN/lOnh5TaCH0j/:tpFJTIKazrAFssN9buhk+knDBlnd |
| MD5: | 8F440E440B1EED5F25DCE5B1D03C99D1 |
| SHA1: | 5CC358E769CA19DD85002F6529C56D1A70ED15D2 |
| SHA-256: | 2C10F14A40AA7280A4AA277F84AD75D753BE192C82DAEF7CCDA4E61C881CE419 |
| SHA-512: | 67D68FB11F0435F27B273860FDBEAA37D7A97211F9CE0A28614491A9EE8E33A8BF064067293B08C52AC52825F191499559C07DD22216415E1609827A78992B34 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1741371904126068500_83E386B2-5C9C-4779-9D90-E54D2C78EB0E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1741371990890509900_2BB7BA75-E205-4045-93E4-09F74107580E.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 256022 |
| Entropy (8bit): | 5.146996433332983 |
| Encrypted: | false |
| SSDEEP: | 1536:rG+JbsvT4tJF/PgJh/h4WpnILIOjWCTYhNbrxkqODV2chHgstCmpE5NnlKKBujy1:Dxs0Pgvh4oI9uP7mAyknDBlnxnKW |
| MD5: | D4B375C3920C7F0358A5C306D7A2B667 |
| SHA1: | EA44F70FEE05A4B6B694014F70E8377F6997115A |
| SHA-256: | 3334ACC2AB6473C9DF6B1C57F68878DAA81A4C465E15E0F4E731207C2E6AF99D |
| SHA-512: | 693D30D65BBD22A435EFA213FC8BB6CAE225B7A40F759ACA2D96DBCBCFA962B31B95ED97B7E34359FEA1E454D020E31A1633086E1D14649214C54190A21F71A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1056768 |
| Entropy (8bit): | 7.965668825589112 |
| Encrypted: | false |
| SSDEEP: | 24576:LfCwF0EtC90qOU48EOIb7QnXtA3hK40UY86TyJIwg:Vq4bckY+zg |
| MD5: | F97B87D5358D55F303F7886809D9E4DD |
| SHA1: | 11CC69F4423F179FA574E44D416D55B8771D383E |
| SHA-256: | 49153D3545B37534897A567397757C0FE0EC18FF3DD7754B6E9BCB770B5ED16C |
| SHA-512: | 33BE090F9F433DBAF41EFF3C4A886592EF7B48946DBC7465C608A083B010D68F33F23D9845D5A0087EF8C72FD91045028F5840E2F062E9E140A5D33FA1D5CB02 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1077760 |
| Entropy (8bit): | 7.936607489988388 |
| Encrypted: | false |
| SSDEEP: | 24576:ufCwF0EtC90qOU48EOIb7QnXtA3hK40UY86TyJIwg:mq4bckY+zg |
| MD5: | 1798FF05258288F1205690290B872C6C |
| SHA1: | 575D536CC86B07946271E7A65F9DF31C2CABFF92 |
| SHA-256: | D5DFB97C24DDF1B76D86754154910D336ACA17F722D8CA5D6C5902F96650019A |
| SHA-512: | FFE672E501980308187F4C3F14E82DACC760D4ED7082AA012DA5226E6B3412F842D1FB86CA6D5B988F0E28DC3058C1F6A26D3D95FFCC8A194AEFF7062350BE78 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1342976 |
| Entropy (8bit): | 7.988858418474517 |
| Encrypted: | false |
| SSDEEP: | 24576:lfCwF0EtC90qOU48EOIb7QnXtA3hK40UY86TyJIwgC142P3:rq4bckY+zgCym3 |
| MD5: | 5F26483FCDFD80E8FC3BAAB90CECC067 |
| SHA1: | 59C84550D615E9FB6DACCC1E32F89655DCC0D2BD |
| SHA-256: | 15A4068C5EB1E73AF452EB267B76403CC130B459FA7B86AF40ECA123FC9C8AB8 |
| SHA-512: | 8FF81DA91682D998C4D388D7BC9EEEDBDF2785962225D4DA8FB1383910CD00AC1524228454D2042F48121170072C8D1AAAF0985B58FE1E04C16A0E3BE6526C46 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1342976 |
| Entropy (8bit): | 7.988858418474517 |
| Encrypted: | false |
| SSDEEP: | 24576:lfCwF0EtC90qOU48EOIb7QnXtA3hK40UY86TyJIwgC142P3:rq4bckY+zgCym3 |
| MD5: | 5F26483FCDFD80E8FC3BAAB90CECC067 |
| SHA1: | 59C84550D615E9FB6DACCC1E32F89655DCC0D2BD |
| SHA-256: | 15A4068C5EB1E73AF452EB267B76403CC130B459FA7B86AF40ECA123FC9C8AB8 |
| SHA-512: | 8FF81DA91682D998C4D388D7BC9EEEDBDF2785962225D4DA8FB1383910CD00AC1524228454D2042F48121170072C8D1AAAF0985B58FE1E04C16A0E3BE6526C46 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:EVANFN:EqfN |
| MD5: | 359140EB88A757E2BBEF2F7D32DCC4E5 |
| SHA1: | FD16035441ADF907BBFC594A96470C202E265067 |
| SHA-256: | 42CDE461F058A0C6F6C5A69BD1D21114CD55929011C77BCB9A025B9CA43ED71F |
| SHA-512: | 9ADF6AC24E55AA161D2FFA1AC3BBBF03A7028DEFD8E1722FA52CAF7C730F7CF8AAE2073A50FD8AA004AF46E9A578A3B8088DD89415368E64E1916367CE126741 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.980127087808385 |
| TrID: |
|
| File name: | Purchase Order.xla.xlsx |
| File size: | 1'231'360 bytes |
| MD5: | dad37e3090b45447788f8175d0d25a67 |
| SHA1: | be59341ac2a206ddc30a67bdb8951a792a690b96 |
| SHA256: | fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53 |
| SHA512: | 7780cef11801ccad2ab86ef47bb2b5d7f48268935a75c36d2fd6dc1e3e08b8fa0fc2a504e5ebe63971bdd73210ed5e54ed6a32f0b6b045f266968be21ad1817c |
| SSDEEP: | 24576:xJIwgbtTgdAnIOXR8YhbBWvdp8tLUWBMDcPrhU3Vjo+nQFSMCxpVGWT:xzgZTcM8YkpwLUwhyo+nKSfzVGWT |
| TLSH: | 534523E4ED947E02CF4B867A5B4AD41E9427FE4E3349900B3134775A063BA7C46F6A0E |
| File Content Preview: | ........................>...............................................................................................................y.......{.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-06 02:58:22 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c da a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c f9 12 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 9c 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 95 85 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.226575879994164 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . C . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD0026E066/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0026E066/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 919251 |
| Entropy: | 7.992716595778883 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0026E067/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 984 |
| Entropy: | 5.527672040042076 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . o . 0 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . b . D . t . O . t . A . ? . & . d . i . s . a . s . t . e . r . = . v . o . l . a . t . i . l . e . & . c . h . i . p . m . u . n . k . = . d . i . z . z . y . & . a . l . a . r . m . = . o . b . s . e . r . v . a . n . t . & . t . u . t . u . . . 7 C P . . H . ? . Y . 4 u ? K . D 0 . . n 2 . b [ 2 . K , O . > a a % A . Y P j . @ . g n < . r " K \\ . * ( * . B . |
| Data Raw: | 01 00 00 02 83 9a f6 6f da 0f ac 30 00 00 00 00 00 00 00 00 00 00 00 00 9e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 9a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 6f 00 72 00 61 00 69 00 2e 00 69 00 6f 00 2f 00 62 00 44 00 74 00 4f 00 74 00 41 00 3f 00 26 00 64 00 69 00 73 00 61 00 73 00 74 00 65 00 72 00 3d 00 76 00 6f 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 287688 |
| Entropy: | 7.998293666295266 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . n A @ . l O 6 o 4 Q * . 1 G y K i T J ( ( Z . . . . . . . . . . . . . . . \\ . p . . 1 . 2 . T . 1 . . k ; ] t . f a . . f , > . m " . ) . z . k + ? ~ ) 6 o . K p . . . b H t O } . . O D + . K B . ; b P B . . . E a . . . j & . . . = . . . . u b T & . . . J ~ % y . . q + . . . : . . . . . . . . . . . . u . . . n . . . K . = . . . . E _ x ; q ) . . @ . . . . . . . . . " . . . ? s . . . . } . . . k . . . $ 1 . . . . + \\ . \\ A 1 { 1 . ; n 2 % D ( 1 . . . 6 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 e9 e7 0e ff 9c dd 6e 41 40 ae d1 a1 6c 4f 36 6f bc e1 34 b6 c5 f6 f4 51 2a 08 8d 31 47 79 4b 69 fc 54 ca 4a a0 ce 28 cd 28 8b 9e b1 b4 5a d9 8c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 fa 00 e2 00 00 00 5c 00 70 00 06 a7 f3 31 0d 32 96 03 54 c3 db c4 b5 fb 31 1e a1 b1 07 6b 3b 5d f2 74 9d 85 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 525 |
| Entropy: | 5.212796843587302 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { D B 7 8 F 5 A A - 8 A 4 6 - 4 8 A C - 8 0 7 2 - 6 D 5 1 E 0 9 5 E 4 2 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 7 2 5 C 6 C 4 4 A 4 4 0 8 4 8 0 |
| Data Raw: | 49 44 3d 22 7b 44 42 37 38 46 35 41 41 2d 38 41 34 36 2d 34 38 41 43 2d 38 30 37 32 2d 36 44 35 31 45 30 39 35 45 34 32 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.997077137692501 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.3912088754515315 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . u i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 75 9d e0 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:25:55.201287985 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:55.201334953 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:55.201476097 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:55.201999903 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:55.202011108 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:55.987062931 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:55.987102985 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:55.987178087 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:55.988290071 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:55.988312006 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.859817028 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.859957933 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.861279011 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.861287117 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.862499952 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.862565041 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.863945007 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.864023924 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.864085913 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.864094019 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:57.864139080 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.865849018 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:57.908323050 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.063901901 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.064088106 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.073996067 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.074028969 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.074299097 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.116812944 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.236160994 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.276325941 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.600888968 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.600989103 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.601140022 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:58.609332085 CET | 49761 | 443 | 192.168.2.25 | 104.26.0.139 |
| Mar 7, 2025 19:25:58.609345913 CET | 443 | 49761 | 104.26.0.139 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.769709110 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:25:58.769752979 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.769834042 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:25:58.771095037 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:25:58.771105051 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833153009 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833178997 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833190918 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833204985 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833240032 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833272934 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.833300114 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.833338022 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.833359957 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.918277025 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.918304920 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.918380022 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.918405056 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.918450117 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.951951027 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.951970100 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.952049017 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.952054977 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.952105045 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.991022110 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.991048098 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.991126060 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:58.991151094 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.991202116 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.011375904 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.011394024 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.011492014 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.011497974 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.011560917 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.030312061 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.030328989 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.030412912 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.030417919 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.030466080 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.052985907 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.053003073 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.053069115 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.053073883 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.053131104 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.080343962 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.080372095 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.080444098 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.080452919 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.080502033 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.091629982 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.091658115 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.091718912 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.091744900 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.091782093 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.091804981 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.103873014 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.103934050 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.103982925 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.104000092 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.104037046 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.104075909 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.113500118 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.113526106 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.113595009 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.113610983 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.113672018 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.124880075 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.124900103 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.124977112 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.125041962 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.125109911 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.134608030 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.134658098 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.134697914 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.134716988 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.134748936 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.134785891 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.143814087 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.143877983 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.143903017 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.143918991 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.143970013 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.143992901 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.158371925 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.158402920 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.158466101 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.158536911 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.158572912 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.158601999 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.187063932 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.187097073 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.187174082 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.187199116 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.187259912 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.193120956 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.193142891 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.193209887 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.193223953 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.193269968 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.204653025 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.204674959 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.204724073 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.204737902 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.204772949 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.204793930 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.211107016 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.211126089 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.211189032 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.211210012 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.211267948 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.215329885 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.215348959 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.215424061 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.215436935 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.215491056 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.227145910 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.227164030 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.227258921 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.227283955 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.227334976 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.237917900 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.237938881 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.238055944 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.238079071 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.238148928 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.246280909 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.246309996 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.246365070 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.246371984 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.246443987 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.246696949 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.246736050 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.246798992 CET | 49760 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.246815920 CET | 443 | 49760 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.432440996 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.432482004 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.432562113 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.432806015 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.432817936 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.435146093 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.435208082 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:25:59.435270071 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.435623884 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:25:59.435651064 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.333652020 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.333806992 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.340614080 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.340626001 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.342078924 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.342184067 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.343867064 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.343938112 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.343997955 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.344002962 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.344039917 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.345614910 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.392317057 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.923782110 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.923870087 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.923916101 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.923990965 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.931349039 CET | 49762 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.931379080 CET | 443 | 49762 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.932528019 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.932565928 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:01.932638884 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.933630943 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:01.933645964 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.351516008 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.356323004 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.356359005 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.356827974 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.356834888 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.441054106 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.442858934 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.442858934 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.442887068 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.442902088 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.951905012 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.951977968 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.952153921 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.952523947 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.952575922 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:02.952605963 CET | 49764 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:02.952631950 CET | 443 | 49764 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.014900923 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.014919043 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.014990091 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.015055895 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:03.015150070 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:03.015491009 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:03.015511036 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.015526056 CET | 49763 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:03.015531063 CET | 443 | 49763 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.718734980 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.718974113 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.720745087 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.720758915 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.721144915 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.721354961 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.722095966 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.722166061 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:03.722273111 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.722405910 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:03.764322042 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:04.460601091 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:04.460741043 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:04.463017941 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:04.463057041 CET | 443 | 49765 | 5.161.200.29 | 192.168.2.25 |
| Mar 7, 2025 19:26:04.463143110 CET | 49765 | 443 | 192.168.2.25 | 5.161.200.29 |
| Mar 7, 2025 19:26:11.187223911 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.187263966 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:11.187330961 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.187452078 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.187506914 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:11.187664032 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.191315889 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.191318035 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:11.191328049 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:11.191329002 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.416163921 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.416251898 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.417403936 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.417578936 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.421194077 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.421206951 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.421472073 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.422991991 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.423017025 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.423325062 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.423798084 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.424685955 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:14.464317083 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:14.472323895 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.402401924 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.402482986 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.402550936 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.403080940 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.403107882 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.403167963 CET | 49768 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.403177023 CET | 443 | 49768 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.738856077 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.738882065 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.738939047 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.738946915 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.738998890 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.739552021 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.739572048 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Mar 7, 2025 19:26:15.739584923 CET | 49767 | 443 | 192.168.2.25 | 13.107.246.60 |
| Mar 7, 2025 19:26:15.739592075 CET | 443 | 49767 | 13.107.246.60 | 192.168.2.25 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:25:55.191966057 CET | 57641 | 53 | 192.168.2.25 | 1.1.1.1 |
| Mar 7, 2025 19:25:55.200107098 CET | 53 | 57641 | 1.1.1.1 | 192.168.2.25 |
| Mar 7, 2025 19:25:55.976248026 CET | 57641 | 53 | 192.168.2.25 | 1.1.1.1 |
| Mar 7, 2025 19:25:55.986182928 CET | 53 | 57641 | 1.1.1.1 | 192.168.2.25 |
| Mar 7, 2025 19:25:58.610868931 CET | 57641 | 53 | 192.168.2.25 | 1.1.1.1 |
| Mar 7, 2025 19:25:58.768487930 CET | 53 | 57641 | 1.1.1.1 | 192.168.2.25 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:25:55.191966057 CET | 192.168.2.25 | 1.1.1.1 | 0xb268 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:25:55.976248026 CET | 192.168.2.25 | 1.1.1.1 | 0x8c9d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:25:58.610868931 CET | 192.168.2.25 | 1.1.1.1 | 0x9f04 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:25:09.752347946 CET | 1.1.1.1 | 192.168.2.25 | 0xd0ea | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:09.752347946 CET | 1.1.1.1 | 192.168.2.25 | 0xd0ea | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:09.752347946 CET | 1.1.1.1 | 192.168.2.25 | 0xd0ea | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 217.20.57.36 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 217.20.57.20 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 84.201.210.23 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:12.572926044 CET | 1.1.1.1 | 192.168.2.25 | 0xe585 | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 217.20.57.36 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 217.20.57.20 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 84.201.210.23 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 217.20.57.19 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 84.201.210.39 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:27.366147995 CET | 1.1.1.1 | 192.168.2.25 | 0x1c77 | No error (0) | 217.20.57.35 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.200107098 CET | 1.1.1.1 | 192.168.2.25 | 0xb268 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.200107098 CET | 1.1.1.1 | 192.168.2.25 | 0xb268 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.200107098 CET | 1.1.1.1 | 192.168.2.25 | 0xb268 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.200107098 CET | 1.1.1.1 | 192.168.2.25 | 0xb268 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.200107098 CET | 1.1.1.1 | 192.168.2.25 | 0xb268 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.986182928 CET | 1.1.1.1 | 192.168.2.25 | 0x8c9d | No error (0) | 104.26.0.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.986182928 CET | 1.1.1.1 | 192.168.2.25 | 0x8c9d | No error (0) | 104.26.1.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:55.986182928 CET | 1.1.1.1 | 192.168.2.25 | 0x8c9d | No error (0) | 172.67.68.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:25:58.768487930 CET | 1.1.1.1 | 192.168.2.25 | 0x9f04 | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:11.233671904 CET | 1.1.1.1 | 192.168.2.25 | 0x4f65 | No error (0) | a726.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:11.233671904 CET | 1.1.1.1 | 192.168.2.25 | 0x4f65 | No error (0) | 2.19.11.111 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:11.233671904 CET | 1.1.1.1 | 192.168.2.25 | 0x4f65 | No error (0) | 2.19.11.98 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:13.944972992 CET | 1.1.1.1 | 192.168.2.25 | 0x958 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:13.944972992 CET | 1.1.1.1 | 192.168.2.25 | 0x958 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:27.659466982 CET | 1.1.1.1 | 192.168.2.25 | 0x2961 | No error (0) | a726.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:27.659466982 CET | 1.1.1.1 | 192.168.2.25 | 0x2961 | No error (0) | 2.19.11.111 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:27.659466982 CET | 1.1.1.1 | 192.168.2.25 | 0x2961 | No error (0) | 2.19.11.98 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:47.816586971 CET | 1.1.1.1 | 192.168.2.25 | 0xfc5e | No error (0) | a726.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:47.816586971 CET | 1.1.1.1 | 192.168.2.25 | 0xfc5e | No error (0) | 2.19.11.111 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:26:47.816586971 CET | 1.1.1.1 | 192.168.2.25 | 0xfc5e | No error (0) | 2.19.11.98 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.25 | 49761 | 104.26.0.139 | 443 | 7640 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:25:57 UTC | 271 | OUT | |
| 2025-03-07 18:25:58 UTC | 1047 | IN | |
| 2025-03-07 18:25:58 UTC | 45 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 1 | 192.168.2.25 | 49760 | 13.107.246.60 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:25:58 UTC | 222 | OUT | |
| 2025-03-07 18:25:58 UTC | 492 | IN | |
| 2025-03-07 18:25:58 UTC | 15892 | IN | |
| 2025-03-07 18:25:58 UTC | 16384 | IN | |
| 2025-03-07 18:25:58 UTC | 16384 | IN | |
| 2025-03-07 18:25:58 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN | |
| 2025-03-07 18:25:59 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.25 | 49762 | 5.161.200.29 | 443 | 7640 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:01 UTC | 212 | OUT | |
| 2025-03-07 18:26:01 UTC | 397 | IN | |
| 2025-03-07 18:26:01 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 3 | 192.168.2.25 | 49764 | 13.107.246.60 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:02 UTC | 199 | OUT | |
| 2025-03-07 18:26:02 UTC | 491 | IN | |
| 2025-03-07 18:26:02 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 4 | 192.168.2.25 | 49763 | 13.107.246.60 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:02 UTC | 199 | OUT | |
| 2025-03-07 18:26:03 UTC | 515 | IN | |
| 2025-03-07 18:26:03 UTC | 2231 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.25 | 49765 | 5.161.200.29 | 443 | 7640 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:03 UTC | 208 | OUT | |
| 2025-03-07 18:26:04 UTC | 454 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.25 | 49767 | 13.107.246.60 | 443 | 7640 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:14 UTC | 215 | OUT | |
| 2025-03-07 18:26:15 UTC | 515 | IN | |
| 2025-03-07 18:26:15 UTC | 2781 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.25 | 49768 | 13.107.246.60 | 443 | 7640 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:26:14 UTC | 214 | OUT | |
| 2025-03-07 18:26:15 UTC | 491 | IN | |
| 2025-03-07 18:26:15 UTC | 461 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:25:03 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c9560000 |
| File size: | 70'082'712 bytes |
| MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 10 |
| Start time: | 13:26:05 |
| Start date: | 07/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff689090000 |
| File size: | 192'512 bytes |
| MD5 hash: | AF4A7EBF6114EE9E6FBCC910EC3C96E6 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | false |
| Target ID: | 19 |
| Start time: | 13:26:30 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6c9560000 |
| File size: | 70'082'712 bytes |
| MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |