Edit tour
Windows
Analysis Report
Purchase Inquiry.xla.xlsx
Overview
General Information
| Sample name: | Purchase Inquiry.xla.xlsx |
| Analysis ID: | 1633348 |
| MD5: | c672b4eeec39f46454b43c1214ef293f |
| SHA1: | 2e706822d8e8f6250ff0d0dad46ce3886f71c08e |
| SHA256: | 081c752918d77ca90b7c46d538720c4a64b04593acd3d68f0ba9a5decbc99061 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7088 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 2136 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 336 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 5324 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase In quiry.xla. xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:13:39.805073+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49704 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.205241+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49706 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.227540+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49707 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:50.888269+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49709 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:50.976760+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49708 | 13.107.253.72 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD004F96D3/\x1Ole' : | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD004F96D2/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | Virustotal | Browse | ||
| 21% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | high | |
| s-0005.dual-s-dc-msedge.net | 52.123.131.14 | true | false | high | |
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.153.44 | true | false | unknown | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| link.saja.market | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 198.23.187.151 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 3.39.153.44 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1633348 |
| Start date and time: | 2025-03-10 09:11:17 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 27s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 22 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Inquiry.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.expl.winXLSX@6/4@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.89.18, 23.60.203.209, 52.109.89.19, 20.189.173.25, 52.109.28.46, 20.42.65.93, 52.149.20.212, 52.123.131.14, 20.190.160.131, 2.23.227.208, 2.23.227.202
- Excluded domains from analysis (whitelisted): onedscolprdeus20.eastus.cloudapp.azure.com, slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, e16604.f.akamaiedge.net, onedscolprdwus20.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanag
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 04:13:32 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 13.107.253.72 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mimikatz | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-dc-msedge.net | Get hash | malicious | unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Hidden Macro 4.0 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0044.t-0009.fb-t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Microsoft Phishing | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AMAZONEXPANSIONGB | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Amadey, GCleaner, LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9788139371410525 |
| TrID: |
|
| File name: | Purchase Inquiry.xla.xlsx |
| File size: | 1'199'616 bytes |
| MD5: | c672b4eeec39f46454b43c1214ef293f |
| SHA1: | 2e706822d8e8f6250ff0d0dad46ce3886f71c08e |
| SHA256: | 081c752918d77ca90b7c46d538720c4a64b04593acd3d68f0ba9a5decbc99061 |
| SHA512: | 80f9c1e0894327bca8f8d45de997a566027abe1a912c9b631426db0289b34708c4b450034dbfff914cc75c0ece9058dd40fb970b1436a191981bc8a6299a40d2 |
| SSDEEP: | 24576:wJIwgJIb3nOXYXKFlQB0Nu/KU+0hPCwTKrsJ39TdjndVOo:wzgG7O7Fl2OP66BrsJ39Tdbi |
| TLSH: | 9E4523D0BD847B06CF17023A5F9ED46E580BBE6F1688950B7634779A1232D7D81F223A |
| File Content Preview: | ........................>...............................................................................................................{.......}.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-10 05:34:50 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 0e 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w , j . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 2c 6a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w = . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 e6 3d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 da 90 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.226575879994164 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . c $ ~ . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD004F96D2/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004F96D2/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 904446 |
| Entropy: | 7.992262426764061 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004F96D3/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 756 |
| Entropy: | 5.21668721763852 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . Q . x . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . s . a . j . a . . . m . a . r . k . e . t . / . q . h . F . d . y . e . U . k . n . z . ? . & . l . o . v . e . = . w . a . g . g . i . s . h . & . n . e . p . h . e . w . . . l . D ] j . D & } . Q n . : L R v . . C J 2 [ . . . J . . P . m . . w t L P ; p ~ . w F + 7 . . ! 1 { g _ @ . . . _ C j . , { & O | \\ f . % 2 d B } . . . . . . . . . . . . . . . . . . . . . I . V . B . r . h . y . |
| Data Raw: | 01 00 00 02 f7 ec da 0d 51 1b bf 78 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b fe 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 73 00 61 00 6a 00 61 00 2e 00 6d 00 61 00 72 00 6b 00 65 00 74 00 2f 00 71 00 68 00 46 00 64 00 79 00 65 00 55 00 6b 00 6e 00 7a 00 3f 00 26 00 6c 00 6f 00 76 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 270887 |
| Entropy: | 7.998386624139689 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . m z . F @ . ; _ . h . . 0 . . 8 d % . . . + e { / m | . . . . . . . . . . . . . . \\ . p . . 3 7 t . . U w g < } I . . i 6 R J h 5 F , - L 9 . o ? * + @ Y C . K A W H x a V X . . 6 B = / g . . B 1 b N . . . m z B . . . # a . . . . . . . = . . . ~ = _ . . . . . 1 . ^ % r . . . . . . . . w S . . . . 7 . . . . . . . { . . . . o = . . . S ) . N < - * . . @ . . . K . . . . E " . . . . . . . . . . . . . . W 1 . . . I _ s ' f . " H V . . 1 . . . . z u r y . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 6d b5 c6 7a 16 46 b3 a9 40 93 1e d1 3b 5f 02 9a 68 1c 06 85 30 0b 00 b4 38 64 f8 25 b7 8f e4 bf e8 f2 09 c0 f8 cf 16 0b 2b bc 65 ff 7b 2f 6d 7c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 d4 98 e2 00 00 00 5c 00 70 00 9d f2 13 95 82 33 37 d9 74 bc 04 85 ca d3 9d 8b bc 92 fc de cb c0 84 55 77 f9 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 531 |
| Entropy: | 5.20073532122586 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { A 1 C 2 C C 0 0 - E 7 E 6 - 4 A E A - A B 7 6 - A F 3 A 0 A 6 7 5 B 0 8 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 6 3 4 2 5 C B 3 D D B C D D F C |
| Data Raw: | 49 44 3d 22 7b 41 31 43 32 43 43 30 30 2d 45 37 45 36 2d 34 41 45 41 2d 41 42 37 36 2d 41 46 33 41 30 41 36 37 35 42 30 38 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.980477309748237 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.356512508349015 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . # . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 23 08 e6 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:13:39.805073+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49704 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.205241+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49706 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.227540+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49707 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:50.888269+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49709 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:50.976760+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49708 | 13.107.253.72 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:13:21.652290106 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.652338028 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:21.652410984 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.652719021 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.652736902 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.214797020 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.214873075 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.218827963 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.218836069 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.219086885 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.219218969 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.219686031 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.260330915 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.760257959 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.760369062 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.760481119 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.761049032 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.764611006 CET | 49700 | 443 | 192.168.2.7 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.764653921 CET | 443 | 49700 | 3.39.153.44 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.768268108 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.773344994 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:24.773556948 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.773556948 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.778574944 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.276870966 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.276885033 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277031898 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277044058 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277043104 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.277054071 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277062893 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277072906 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277084112 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277091026 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.277093887 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277103901 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.277112961 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.277184010 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.285687923 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.285701036 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.285712004 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.285761118 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.285878897 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.363637924 CET | 80 | 49702 | 198.23.187.151 | 192.168.2.7 |
| Mar 10, 2025 09:13:25.363737106 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.532649994 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.532819986 CET | 49702 | 80 | 192.168.2.7 | 198.23.187.151 |
| Mar 10, 2025 09:13:37.757530928 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:37.757580996 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:37.757654905 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:37.758141994 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:37.758162975 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:39.804989100 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:39.805073023 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:39.807946920 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:39.807964087 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:39.808222055 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:39.815634966 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:39.860333920 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.295557976 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.295583963 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.295605898 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.295676947 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.295691967 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.295762062 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.295773983 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.376688957 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.376713991 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.376797915 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.376817942 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.376827955 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.376986980 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.407505989 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.407526970 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.407761097 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.407761097 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.407773972 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.407916069 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.453453064 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.453476906 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.453644037 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.453658104 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.454387903 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.478460073 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.478478909 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.478583097 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.478604078 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.478888035 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.497587919 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.497607946 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.497709036 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.497709036 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.497721910 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.498105049 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.520232916 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.520261049 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.520332098 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.520344019 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.520531893 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.547969103 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.547992945 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.548080921 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.548098087 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.548295975 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.557076931 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.557106972 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.557194948 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.557210922 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.557229042 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.557401896 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.571783066 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.571805000 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.571855068 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.571867943 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.571958065 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.583324909 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.583345890 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.583494902 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.583504915 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.583679914 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.594769001 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.594786882 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.594857931 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.594870090 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.595073938 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.619579077 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.619602919 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.619671106 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.619684935 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.619728088 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.619728088 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.627692938 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.627711058 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.627780914 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.627799988 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.627819061 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.627898932 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.674654007 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.674679995 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.674783945 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.674798965 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.674890041 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.681307077 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.681324959 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.681431055 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.681442976 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.681730986 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.704641104 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.704667091 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.704736948 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.704749107 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.704850912 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.704850912 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.710639000 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.710665941 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.710767984 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.710779905 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.710947990 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.715128899 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.715153933 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.715248108 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.715248108 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.715265989 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.715346098 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.720730066 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.720746994 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.720804930 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.720815897 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.720877886 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.720877886 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.731762886 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.731791019 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.731863022 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.731899977 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.731899977 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.731918097 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.732003927 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.768066883 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.768093109 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.768197060 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.768197060 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.768213034 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.773155928 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.773179054 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.773252964 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.773252964 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.773276091 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.794634104 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.794651985 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.794821024 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.794842958 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.798559904 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.798582077 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.798676968 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.798676968 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.798693895 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.805619001 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.805644035 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.805733919 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.805742979 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.811491966 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.811517000 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.811562061 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.811572075 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.811609030 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.815393925 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.815409899 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.815507889 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.815507889 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.815519094 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.820705891 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.820724964 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.820782900 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.820801020 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.820811987 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.860872030 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.860894918 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.860958099 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.860980988 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.861021042 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.866117954 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.866137981 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.866255999 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.866255999 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.866276026 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.888190985 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.888216019 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.888276100 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.888290882 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.888322115 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.892662048 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.892680883 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.892952919 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.892952919 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.892965078 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.898699999 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.898720026 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.898844957 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.898858070 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.904045105 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.904067039 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.904141903 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.904155970 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.904192924 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.909398079 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.909415960 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.909560919 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.909576893 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.914511919 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.914530039 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.914630890 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.914649963 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.956219912 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.956240892 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.956324100 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.956340075 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.956350088 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.960223913 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.960242987 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.960323095 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.960345030 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.960365057 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.985172033 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.985189915 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.985449076 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.985467911 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.988100052 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.988126993 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.988245010 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.988245010 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.988260984 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.992634058 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.992649078 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:40.992727041 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.992746115 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.000762939 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.000782013 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.000819921 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.000832081 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.000880003 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.006453037 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.006468058 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.006572962 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.006584883 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.011718988 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.011745930 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.011795044 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.011806965 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.011832952 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.051862001 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.051882982 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.051944971 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.051959991 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.051992893 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.060172081 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.060193062 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.060276031 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.060291052 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.079668045 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.079684973 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.079750061 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.079766035 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.084273100 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.084294081 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.084525108 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.084525108 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.084553003 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.088443995 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.088458061 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.088506937 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.088515997 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.088557959 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.095480919 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.095499039 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.095552921 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.095565081 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.095593929 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.100622892 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.100636959 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.100733042 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.100733042 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.100747108 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.105842113 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.105880976 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.105945110 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.105954885 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.106070042 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.146033049 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.146051884 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.146136045 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.146151066 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.156685114 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.156708002 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.156794071 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.156809092 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.173243999 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.173265934 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.173459053 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.173475981 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.177741051 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.177762032 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.177802086 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.177824020 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.177947998 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.183459044 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.183475971 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.183517933 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.183533907 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.183568001 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.189472914 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.189493895 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.189532995 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.189548969 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.189696074 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.194183111 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.194207907 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.194441080 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.194454908 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.199985027 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.200005054 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.200117111 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.200117111 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.200129032 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.239800930 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.239828110 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.240334988 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.240365028 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.250623941 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.250657082 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.250705004 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.250718117 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.250895023 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.264195919 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.264218092 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.264338017 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.264338017 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.264353037 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.268388987 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.268409967 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.268570900 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.268570900 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.268584013 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.274297953 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.274313927 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.274626017 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.274638891 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.279861927 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.279882908 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.280025005 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.280025005 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.280036926 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.284185886 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:41.284636974 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.284636974 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.284636974 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.594221115 CET | 49704 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.594245911 CET | 443 | 49704 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:46.194590092 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.194629908 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:46.194703102 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.194787979 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.194834948 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:46.194960117 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.195023060 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.195045948 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:46.195765972 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.195794106 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.204514980 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.205240965 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.205260992 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.206361055 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.206367016 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.226932049 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.227540016 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.227559090 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.228969097 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.228974104 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.800518990 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.803256035 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.803303957 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.825098991 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.825129032 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.825190067 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.825206041 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.825248957 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.825294971 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.847234964 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.847259998 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.847271919 CET | 49706 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.847279072 CET | 443 | 49706 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.855309010 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.855333090 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.855344057 CET | 49707 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.855350971 CET | 443 | 49707 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.867810011 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.867832899 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.867928028 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.868365049 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.868385077 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.869757891 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.869791031 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:48.869851112 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.870038986 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.870055914 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.888206005 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.888268948 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:50.889693022 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:50.889703035 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.889911890 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.891402006 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:50.932323933 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.976636887 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.976759911 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:50.977988005 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:50.978001118 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.978271008 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:50.980206966 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.020330906 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.340208054 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.340260029 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.340352058 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.340684891 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.340701103 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.340712070 CET | 49709 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.340717077 CET | 443 | 49709 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.436269999 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.436289072 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.436371088 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.436372042 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.436417103 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.436750889 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.436750889 CET | 49708 | 443 | 192.168.2.7 | 13.107.253.72 |
| Mar 10, 2025 09:13:51.436769962 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Mar 10, 2025 09:13:51.436778069 CET | 443 | 49708 | 13.107.253.72 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:13:21.612929106 CET | 59656 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 10, 2025 09:13:21.651396036 CET | 53 | 59656 | 1.1.1.1 | 192.168.2.7 |
| Mar 10, 2025 09:13:37.739823103 CET | 50161 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 10, 2025 09:13:37.749355078 CET | 53 | 50161 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:13:21.612929106 CET | 192.168.2.7 | 1.1.1.1 | 0x1298 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 10, 2025 09:13:37.739823103 CET | 192.168.2.7 | 1.1.1.1 | 0xd24e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:12:35.098664045 CET | 1.1.1.1 | 192.168.2.7 | 0x56e | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.098664045 CET | 1.1.1.1 | 192.168.2.7 | 0x56e | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.098664045 CET | 1.1.1.1 | 192.168.2.7 | 0x56e | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.098664045 CET | 1.1.1.1 | 192.168.2.7 | 0x56e | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.651396036 CET | 1.1.1.1 | 192.168.2.7 | 0x1298 | No error (0) | istio.saja.market | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.651396036 CET | 1.1.1.1 | 192.168.2.7 | 0x1298 | No error (0) | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.651396036 CET | 1.1.1.1 | 192.168.2.7 | 0x1298 | No error (0) | 3.39.153.44 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.651396036 CET | 1.1.1.1 | 192.168.2.7 | 0x1298 | No error (0) | 3.39.89.152 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:37.749355078 CET | 1.1.1.1 | 192.168.2.7 | 0xd24e | No error (0) | 13.107.253.72 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49702 | 198.23.187.151 | 80 | 7088 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 10, 2025 09:13:24.773556948 CET | 248 | OUT | |
| Mar 10, 2025 09:13:25.276870966 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.276885033 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277031898 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277044058 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277054071 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277062893 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277072906 CET | 776 | IN | |
| Mar 10, 2025 09:13:25.277084112 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277093887 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.277103901 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.285687923 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49700 | 3.39.153.44 | 443 | 7088 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:24 UTC | 225 | OUT | |
| 2025-03-10 08:13:24 UTC | 515 | IN | |
| 2025-03-10 08:13:24 UTC | 100 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49704 | 13.107.253.72 | 443 | 7088 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:39 UTC | 226 | OUT | |
| 2025-03-10 08:13:40 UTC | 493 | IN | |
| 2025-03-10 08:13:40 UTC | 15891 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49706 | 13.107.253.72 | 443 | 7088 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:48 UTC | 214 | OUT | |
| 2025-03-10 08:13:48 UTC | 471 | IN | |
| 2025-03-10 08:13:48 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49707 | 13.107.253.72 | 443 | 7088 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:48 UTC | 214 | OUT | |
| 2025-03-10 08:13:48 UTC | 495 | IN | |
| 2025-03-10 08:13:48 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49709 | 13.107.253.72 | 443 | 5324 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:50 UTC | 214 | OUT | |
| 2025-03-10 08:13:51 UTC | 491 | IN | |
| 2025-03-10 08:13:51 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49708 | 13.107.253.72 | 443 | 5324 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:50 UTC | 214 | OUT | |
| 2025-03-10 08:13:51 UTC | 494 | IN | |
| 2025-03-10 08:13:51 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 04:12:23 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x670000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 04:13:24 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xae0000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 16 |
| Start time: | 04:13:32 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff63ea20000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 18 |
| Start time: | 04:13:42 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x670000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |