Edit tour
Windows
Analysis Report
PO-ARJ-2025-15ACA.xla.xlsx
Overview
General Information
| Sample name: | PO-ARJ-2025-15ACA.xla.xlsx |
| Analysis ID: | 1639278 |
| MD5: | 9d0c7d82a1c18e1006e6075584652e83 |
| SHA1: | 68f97d343b3419df1b2d25c50c0d72d6af4fd59e |
| SHA256: | 34954100e490a77310918573e56868e651855b54ddb0cc0dd334f55e8e195f14 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7940 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 4576 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 6556 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P O-ARJ-2025 -15ACA.xla .xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-15T08:55:54.980783+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49741 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T08:56:01.127852+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49742 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T08:56:01.169962+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49743 | 13.107.246.60 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Memory has grown: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD003296A9/\x1Ole' : | ||
| Source: | Stream path 'MBD003296A9/\x1Ole' : | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD003296A8/MBD00320C7F/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'MBD003296A8/MBD00320C7F/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 44% | Virustotal | Browse | ||
| 39% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.ziexl |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 198.12.89.24 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1639278 |
| Start date and time: | 2025-03-15 08:53:48 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | PO-ARJ-2025-15ACA.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.winXLSX@4/8@1/2 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.89.19, 23.60.203.209, 104.208.16.90, 52.109.28.46, 20.189.173.26, 52.123.129.14, 20.190.160.5, 4.245.163.56, 20.223.36.55, 150.171.28.10, 184.86.251.22
- Excluded domains from analysis (whitelisted): onedscolprdwus19.westus.cloudapp.azure.com, slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, g.bing.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, onedscolprdcus14.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.event
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:55:48 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 198.12.89.24 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0032.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer, Xmrig | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 172032 |
| Entropy (8bit): | 6.8296657662663725 |
| Encrypted: | false |
| SSDEEP: | 3072:T0N1c24C19q89NSG61NeNyqzVj62r5Oqtk3ss3:t6O8rSn6yqzV5r0qyss3 |
| MD5: | 606F3B87D72C98845743BACA71172F50 |
| SHA1: | 87AA9D26EFC12361D0CDD26186C80441CB5E698D |
| SHA-256: | 588EB39560786303C6F26E09B4D34FEA9A855851E1A72782CA63F706A5B820F1 |
| SHA-512: | 34A2FC5CE704B016A46657BF9295D04A9DCB42119BD1AF3317C98CED8D1DD1548C484ECFD60B07E566988A58F17A100765B0D689CA09FCE2300D65939B014921 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1071104 |
| Entropy (8bit): | 7.856683874642462 |
| Encrypted: | false |
| SSDEEP: | 24576:I0ZIDHtWjejsk4McukJIwgxIOXR8YhbBWvdp8tLUWBMDcm:VAaejH4MTkzguM8YkpwLUwhm |
| MD5: | 12104561585A0C0742ECEB179E98C628 |
| SHA1: | A0E4578582DC3F0F0A4FC42D1DD56B2DFF919E4D |
| SHA-256: | 437D08253CEFC311963085013A9F19EBAFAE77D9A99276E5D73FEC3555B96940 |
| SHA-512: | DDF3592CA771714E0D79C3F67F6E89ED7063D4E7CB03F8961BD54E5B3F24DCDF7258858AE643585C15DFA9B1968C064B43327F43235D7DB662E7A87E2B1981B5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1071104 |
| Entropy (8bit): | 7.856683874642462 |
| Encrypted: | false |
| SSDEEP: | 24576:I0ZIDHtWjejsk4McukJIwgxIOXR8YhbBWvdp8tLUWBMDcm:VAaejH4MTkzguM8YkpwLUwhm |
| MD5: | 12104561585A0C0742ECEB179E98C628 |
| SHA1: | A0E4578582DC3F0F0A4FC42D1DD56B2DFF919E4D |
| SHA-256: | 437D08253CEFC311963085013A9F19EBAFAE77D9A99276E5D73FEC3555B96940 |
| SHA-512: | DDF3592CA771714E0D79C3F67F6E89ED7063D4E7CB03F8961BD54E5B3F24DCDF7258858AE643585C15DFA9B1968C064B43327F43235D7DB662E7A87E2B1981B5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.5231029153786204 |
| Encrypted: | false |
| SSDEEP: | 3:sYp5lFltt:sYp5Nv |
| MD5: | B77267835A6BEAC785C351BDE8E1A61C |
| SHA1: | FABD93A92989535D43233E3DB9C6579D8174740E |
| SHA-256: | 3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3 |
| SHA-512: | FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.83097068580852 |
| TrID: |
|
| File name: | PO-ARJ-2025-15ACA.xla.xlsx |
| File size: | 1'172'992 bytes |
| MD5: | 9d0c7d82a1c18e1006e6075584652e83 |
| SHA1: | 68f97d343b3419df1b2d25c50c0d72d6af4fd59e |
| SHA256: | 34954100e490a77310918573e56868e651855b54ddb0cc0dd334f55e8e195f14 |
| SHA512: | 27c408248899964717c7f99e7b5c0a7a1c54e1ba9e99d4f2810ca32b81830f1f42922fe90a2de261bc2490d92adf003868ba461b6afa40af9459cafec1544076 |
| SSDEEP: | 24576:VLA6DHtWjejsk4Mcu+JIwgxIOXR8YhbBWvdp8tLUWBMDcMI:iSaejH4MT+zguM8YkpwLUwhR |
| TLSH: | DC450294BFC05626DA1D03340FE38B1C5A15AEEA5795620F3235BE1D3EB6B3E0B72509 |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-13 07:45:29 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f c8 b9 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . } . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f ec 7d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f 8b 05 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f 7b a2 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2920681057018664 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD003296A8/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 296 |
| Entropy: | 3.2973193143624515 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | MBD003296A8/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 31156 |
| Entropy: | 3.1876994904322484 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00320C7F/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00320C7F/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 613686 |
| Entropy: | 7.989056691241232 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00321A49/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00321A49/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 13665 |
| Entropy: | 7.1661074658165225 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 392615 |
| Entropy: | 7.73377528201003 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
| Stream Path: | MBD003296A9/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 600 |
| Entropy: | 4.504542341869483 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . I . d J . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . 1 . 9 . 8 . . . 1 . 2 . . . 8 . 9 . . . 2 . 4 . / . x . a . m . p . p . / . k . v . r . m . o . t . / . k . v . r . m . / . g . r . e . a . t . c . o . m . e . b . a . c . k . d . o . i . n . g . f . o . r . e . v . e . r . w . i . t . h . g . r . e . a . t . . . h . t . a . . . } . c 2 k ~ . ; Y . . M . P ~ # . . . . . . . . . . . . . . . . : . . . j . u . l . 8 . i . m . Q . H . R . N . L . i . 4 . k . 6 . a . g . |
| Data Raw: | 01 00 00 02 87 fd 49 10 64 b2 87 4a 00 00 00 00 00 00 00 00 00 00 00 00 be 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ba 00 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 31 00 39 00 38 00 2e 00 31 00 32 00 2e 00 38 00 39 00 2e 00 32 00 34 00 2f 00 78 00 61 00 6d 00 70 00 70 00 2f 00 6b 00 76 00 72 00 6d 00 6f 00 74 00 2f 00 6b 00 76 00 72 00 6d 00 2f 00 67 00 72 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 96277 |
| Entropy: | 7.991704392584178 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . u & . . . . # : t . * D J ] 6 [ . . | . . . . . . . . . . . . . . \\ . p . . F . A . F U L L . . . L C . . C 6 | . . D G . @ + . ~ ) u . . . v ] O . - / l ) R 0 0 . - y S f ` . B . . . e a . . . 1 . . . = . . . . J Y . . . . . k . ` . . . . e | . . . . . . . . . . . . . . . W . . . ? . . . K = . . . A z B s . . < @ . . . . H . . . " . . . Y G . . . . 5 w . . . 3 . . . 1 . . . . _ p ; + . & 2 . { 4 + I M . v . 1 . . . . u . 7 . . . I $ } . a . . 2 & 1 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 c4 a8 d8 a3 75 26 1e d4 aa c5 da 0a 10 f7 9b 23 9e c0 84 9a c1 3a 74 b7 9c ff d2 b1 2a 44 4a 5d 36 ed e6 5b c8 e7 c1 02 0e ac 7c bc a7 e6 83 a9 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 90 c0 e2 00 00 00 5c 00 70 00 04 46 ee c0 1a 41 c6 bd 46 9b 55 b9 4c ce 4c ae f0 05 1f a3 04 4c e8 43 1d ff |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 519 |
| Entropy: | 5.218667437949908 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { A B 1 6 6 2 D 3 - 8 1 F 4 - 4 C E 6 - 9 1 2 E - 3 7 2 5 6 2 5 2 2 6 4 5 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 0 0 2 9 C 9 A A 0 9 A A 0 9 A A |
| Data Raw: | 49 44 3d 22 7b 41 42 31 36 36 32 44 33 2d 38 31 46 34 2d 34 43 45 36 2d 39 31 32 45 2d 33 37 32 35 36 32 35 32 32 36 34 35 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 4.000719438931664 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.375463798458224 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . U . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 55 1b ea 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-15T08:55:54.980783+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49741 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T08:56:01.127852+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49742 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T08:56:01.169962+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49743 | 13.107.246.60 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 15, 2025 08:55:38.612169027 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:55:38.619734049 CET | 80 | 49738 | 198.12.89.24 | 192.168.2.5 |
| Mar 15, 2025 08:55:38.620271921 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:55:38.620389938 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:55:38.627839088 CET | 80 | 49738 | 198.12.89.24 | 192.168.2.5 |
| Mar 15, 2025 08:55:39.105843067 CET | 80 | 49738 | 198.12.89.24 | 192.168.2.5 |
| Mar 15, 2025 08:55:39.106306076 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:55:44.097230911 CET | 80 | 49738 | 198.12.89.24 | 192.168.2.5 |
| Mar 15, 2025 08:55:44.097342968 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:55:54.238423109 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:54.238477945 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:54.238569021 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:54.238945961 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:54.238960028 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:54.980721951 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:54.980782986 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:54.982223988 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:54.982237101 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:54.982486010 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:54.983669043 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.028317928 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.085833073 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.085856915 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.085871935 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.085911036 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.085941076 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.085956097 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.086132050 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.168165922 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.168189049 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.168229103 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.168241978 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.168267012 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.168292999 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.170054913 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.170073032 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.170110941 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.170118093 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.170145988 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.170161963 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.255217075 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.255243063 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.255299091 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.255310059 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.255565882 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.256014109 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.256042004 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.256069899 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.256076097 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.256115913 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.256115913 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.257936001 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.257961988 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.258025885 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.258025885 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.258033037 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.258243084 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.258636951 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.258662939 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.258714914 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.258714914 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.258722067 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.258811951 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.342900991 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.342928886 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.342998028 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.342998028 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.343008995 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.343197107 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.343677044 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.343696117 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.343770027 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.343770027 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.343779087 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.343887091 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.345041990 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.345062017 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.345124006 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.345124006 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.345132113 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.345310926 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346240044 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346266985 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346318007 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346318007 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346323967 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346430063 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346502066 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346517086 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346554995 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346560955 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.346612930 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.346612930 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.348088980 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.348112106 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.348150015 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.348156929 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.348180056 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.348207951 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.348922968 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.348939896 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.348995924 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.349005938 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.349173069 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429045916 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429073095 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429167986 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429168940 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429183006 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429769039 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429790020 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429852962 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429856062 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429857016 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429866076 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429886103 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.429924965 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429924965 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.429935932 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.430553913 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.430578947 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.430644035 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.430644035 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.430653095 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.431291103 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.431307077 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.431381941 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.431382895 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.431391001 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434761047 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434786081 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434871912 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.434871912 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.434881926 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434894085 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434909105 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.434947968 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.434954882 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.435103893 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.435601950 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.435621023 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.435662031 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.435671091 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.435703993 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.484169960 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.516495943 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516531944 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516565084 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.516571999 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516592979 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516614914 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516644001 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.516652107 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.516669035 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.516690016 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517201900 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517220020 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517277002 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517285109 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517294884 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517399073 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517775059 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517798901 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517837048 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517846107 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.517868996 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.517889023 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518069029 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518085957 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518141985 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518141985 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518151999 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518337011 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518836975 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518852949 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518923998 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518937111 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518949032 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518961906 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.518969059 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.518978119 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519013882 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519035101 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519035101 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519042969 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519087076 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519087076 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519087076 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519102097 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519119978 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519162893 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519162893 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.519171000 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.519345045 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602554083 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602607965 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602631092 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602659941 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602695942 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602746010 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602766991 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602798939 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602829933 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602837086 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602874994 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602906942 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602917910 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602943897 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.602972031 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.602978945 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603019953 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603019953 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603267908 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603291988 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603343964 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603353977 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603374958 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603410006 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603499889 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603542089 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603598118 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603598118 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603605986 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603684902 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603893042 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603944063 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.603976011 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.603984118 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604017019 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604017019 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604093075 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604118109 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604156017 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604161978 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604214907 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604255915 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604497910 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604518890 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.604561090 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.604572058 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.605006933 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689291954 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689337969 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689389944 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689424038 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689439058 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689481974 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689516068 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689569950 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689569950 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689580917 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689663887 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689740896 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689757109 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689834118 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.689841032 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.689934969 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690026999 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690046072 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690107107 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690115929 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690212965 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690236092 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690251112 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690306902 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690314054 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690357924 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690357924 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690633059 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690653086 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690702915 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690711975 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690745115 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690745115 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.690975904 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.690999031 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.691061974 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.691068888 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.691174030 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.691185951 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.691205978 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.691287994 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.691296101 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.691418886 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776292086 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776324987 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776387930 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776418924 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776438951 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776473045 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776506901 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776520967 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776527882 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776563883 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776684046 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776699066 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.776755095 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.776763916 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777112007 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.777131081 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777153015 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777262926 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777297020 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.777307987 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777334929 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.777348042 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.777585030 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777600050 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777688026 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.777698040 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777904987 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.777928114 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.778002024 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.778012037 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.778175116 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.778192043 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.778239965 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.778249025 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.778263092 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.827841997 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.863986015 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864006996 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864080906 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864080906 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864115953 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864167929 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864171982 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864181995 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864207983 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864232063 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864239931 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864270926 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864284992 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864337921 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864353895 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864398956 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864404917 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864444017 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864459991 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864478111 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864495993 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864536047 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864542007 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864577055 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864617109 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864635944 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864742994 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864753008 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864871025 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864886045 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864964962 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.864972115 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.864995956 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865022898 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865066051 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.865072966 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865082979 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.865114927 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.865241051 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865257978 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865317106 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.865317106 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.865324020 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.865482092 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.950586081 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950611115 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950666904 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.950678110 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950687885 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.950750113 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950769901 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950809956 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.950818062 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.950833082 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.950987101 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951091051 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951107979 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951148033 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951153994 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951193094 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951283932 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951411963 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951428890 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951497078 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951503992 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951531887 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951606989 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951729059 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951742887 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951826096 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951832056 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951859951 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.951932907 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.951958895 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.952023029 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.952023029 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.952039003 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.952055931 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.952070951 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.952193975 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.952320099 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.952320099 CET | 49741 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:55:55.952336073 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:55:55.952343941 CET | 443 | 49741 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:00.492652893 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.492703915 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:00.492774010 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.493227959 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.493243933 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:00.494431973 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.494465113 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:00.494649887 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.494800091 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:00.494811058 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.126184940 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.127851963 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.127878904 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.129139900 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.129147053 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.169003010 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.169961929 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.169991016 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.170828104 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.170835972 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.224802017 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.224822044 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.225249052 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.225336075 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.227992058 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.228013039 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.228024006 CET | 49742 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.228029966 CET | 443 | 49742 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.274621010 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.274720907 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.275059938 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.275712967 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.275733948 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:01.275744915 CET | 49743 | 443 | 192.168.2.5 | 13.107.246.60 |
| Mar 15, 2025 08:56:01.275751114 CET | 443 | 49743 | 13.107.246.60 | 192.168.2.5 |
| Mar 15, 2025 08:56:37.797450066 CET | 49738 | 80 | 192.168.2.5 | 198.12.89.24 |
| Mar 15, 2025 08:56:37.802220106 CET | 80 | 49738 | 198.12.89.24 | 192.168.2.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 15, 2025 08:55:54.227648973 CET | 54292 | 53 | 192.168.2.5 | 1.1.1.1 |
| Mar 15, 2025 08:55:54.237355947 CET | 53 | 54292 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 15, 2025 08:55:54.227648973 CET | 192.168.2.5 | 1.1.1.1 | 0xc65a | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 15, 2025 08:54:49.672856092 CET | 1.1.1.1 | 192.168.2.5 | 0xfd42 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 08:54:49.672856092 CET | 1.1.1.1 | 192.168.2.5 | 0xfd42 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 08:54:49.672856092 CET | 1.1.1.1 | 192.168.2.5 | 0xfd42 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 08:55:54.237355947 CET | 1.1.1.1 | 192.168.2.5 | 0xc65a | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 08:55:54.237355947 CET | 1.1.1.1 | 192.168.2.5 | 0xc65a | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 08:55:54.237355947 CET | 1.1.1.1 | 192.168.2.5 | 0xc65a | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 08:55:54.237355947 CET | 1.1.1.1 | 192.168.2.5 | 0xc65a | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 08:55:54.237355947 CET | 1.1.1.1 | 192.168.2.5 | 0xc65a | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49738 | 198.12.89.24 | 80 | 7940 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 15, 2025 08:55:38.620389938 CET | 246 | OUT | |
| Mar 15, 2025 08:55:39.105843067 CET | 539 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49741 | 13.107.246.60 | 443 | 7940 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 07:55:54 UTC | 226 | OUT | |
| 2025-03-15 07:55:55 UTC | 493 | IN | |
| 2025-03-15 07:55:55 UTC | 15891 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN | |
| 2025-03-15 07:55:55 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49742 | 13.107.246.60 | 443 | 7940 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 07:56:01 UTC | 214 | OUT | |
| 2025-03-15 07:56:01 UTC | 494 | IN | |
| 2025-03-15 07:56:01 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49743 | 13.107.246.60 | 443 | 7940 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 07:56:01 UTC | 214 | OUT | |
| 2025-03-15 07:56:01 UTC | 491 | IN | |
| 2025-03-15 07:56:01 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:54:44 |
| Start date: | 15/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x190000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 8 |
| Start time: | 03:55:48 |
| Start date: | 15/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b4a30000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 03:55:59 |
| Start date: | 15/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x190000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |