Edit tour
Windows
Analysis Report
PO-ARJ-2025-15ACA.xla.xlsx
Overview
General Information
| Sample name: | PO-ARJ-2025-15ACA.xla.xlsx |
| Analysis ID: | 1639278 |
| MD5: | 9d0c7d82a1c18e1006e6075584652e83 |
| SHA1: | 68f97d343b3419df1b2d25c50c0d72d6af4fd59e |
| SHA256: | 34954100e490a77310918573e56868e651855b54ddb0cc0dd334f55e8e195f14 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7860 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 1860 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 5112 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P O-ARJ-2025 -15ACA.xla .xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-15T09:08:23.188920+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T09:08:29.737992+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T09:08:29.783652+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 13.107.246.60 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Memory has grown: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD003296A9/\x1Ole' : | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD003296A8/MBD00320C7F/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 44% | Virustotal | Browse | ||
| 39% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.ziexl |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 198.12.89.24 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1639278 |
| Start date and time: | 2025-03-15 09:05:58 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 38s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | PO-ARJ-2025-15ACA.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.winXLSX@4/4@1/2 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 23.60.203.209, 52.109.28.47, 199.232.214.172, 13.89.178.27, 23.199.214.10, 52.123.128.14, 40.126.32.68, 172.202.163.200
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdcus03.centralus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.ak
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 04:08:18 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 198.12.89.24 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0032.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | MicroClip | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 836 |
| Entropy (8bit): | 2.7151910322565733 |
| Encrypted: | false |
| SSDEEP: | 24:J3fIxk+vpKAk6ScvoGA8xpiOnAvJ5yoIHWK:h3+RfkpcvoGAYcvJ5LIHD |
| MD5: | 92A7E6E963E0E668F6585E8694F68380 |
| SHA1: | 9CFB8F0EA9A80C54FEBF664E2E8DA3A20C6F5DAE |
| SHA-256: | F09EE04026948847263A11CC3D3276A676246EF074A985681DBEF03D76801482 |
| SHA-512: | F3E94DC16458B4CE76A18D44360256A233CDF918A34FDB0AB3A85AF5FA3ADEB8B0BBB173CE658D8344939FE77AEB467C04D111A887424A65BA2833897DE3F4E2 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:KVC+cAmltV:KVC+cR |
| MD5: | 9C7132B2A8CABF27097749F4D8447635 |
| SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
| SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
| SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.83097068580852 |
| TrID: |
|
| File name: | PO-ARJ-2025-15ACA.xla.xlsx |
| File size: | 1'172'992 bytes |
| MD5: | 9d0c7d82a1c18e1006e6075584652e83 |
| SHA1: | 68f97d343b3419df1b2d25c50c0d72d6af4fd59e |
| SHA256: | 34954100e490a77310918573e56868e651855b54ddb0cc0dd334f55e8e195f14 |
| SHA512: | 27c408248899964717c7f99e7b5c0a7a1c54e1ba9e99d4f2810ca32b81830f1f42922fe90a2de261bc2490d92adf003868ba461b6afa40af9459cafec1544076 |
| SSDEEP: | 24576:VLA6DHtWjejsk4Mcu+JIwgxIOXR8YhbBWvdp8tLUWBMDcMI:iSaejH4MT+zguM8YkpwLUwhR |
| TLSH: | DC450294BFC05626DA1D03340FE38B1C5A15AEEA5795620F3235BE1D3EB6B3E0B72509 |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-13 07:45:29 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f c8 b9 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . } . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f ec 7d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f 8b 05 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a3 9f 7b a2 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2920681057018664 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD003296A8/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 296 |
| Entropy: | 3.2973193143624515 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | MBD003296A8/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 31156 |
| Entropy: | 3.1876994904322484 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00320C7F/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00320C7F/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 613686 |
| Entropy: | 7.989056691241232 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00321A49/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/MBD00321A49/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 13665 |
| Entropy: | 7.1661074658165225 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD003296A8/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 392615 |
| Entropy: | 7.73377528201003 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
| Stream Path: | MBD003296A9/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 600 |
| Entropy: | 4.504542341869483 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . I . d J . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . 1 . 9 . 8 . . . 1 . 2 . . . 8 . 9 . . . 2 . 4 . / . x . a . m . p . p . / . k . v . r . m . o . t . / . k . v . r . m . / . g . r . e . a . t . c . o . m . e . b . a . c . k . d . o . i . n . g . f . o . r . e . v . e . r . w . i . t . h . g . r . e . a . t . . . h . t . a . . . } . c 2 k ~ . ; Y . . M . P ~ # . . . . . . . . . . . . . . . . : . . . j . u . l . 8 . i . m . Q . H . R . N . L . i . 4 . k . 6 . a . g . |
| Data Raw: | 01 00 00 02 87 fd 49 10 64 b2 87 4a 00 00 00 00 00 00 00 00 00 00 00 00 be 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ba 00 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 31 00 39 00 38 00 2e 00 31 00 32 00 2e 00 38 00 39 00 2e 00 32 00 34 00 2f 00 78 00 61 00 6d 00 70 00 70 00 2f 00 6b 00 76 00 72 00 6d 00 6f 00 74 00 2f 00 6b 00 76 00 72 00 6d 00 2f 00 67 00 72 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 96277 |
| Entropy: | 7.991704392584178 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . u & . . . . # : t . * D J ] 6 [ . . | . . . . . . . . . . . . . . \\ . p . . F . A . F U L L . . . L C . . C 6 | . . D G . @ + . ~ ) u . . . v ] O . - / l ) R 0 0 . - y S f ` . B . . . e a . . . 1 . . . = . . . . J Y . . . . . k . ` . . . . e | . . . . . . . . . . . . . . . W . . . ? . . . K = . . . A z B s . . < @ . . . . H . . . " . . . Y G . . . . 5 w . . . 3 . . . 1 . . . . _ p ; + . & 2 . { 4 + I M . v . 1 . . . . u . 7 . . . I $ } . a . . 2 & 1 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 c4 a8 d8 a3 75 26 1e d4 aa c5 da 0a 10 f7 9b 23 9e c0 84 9a c1 3a 74 b7 9c ff d2 b1 2a 44 4a 5d 36 ed e6 5b c8 e7 c1 02 0e ac 7c bc a7 e6 83 a9 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 90 c0 e2 00 00 00 5c 00 70 00 04 46 ee c0 1a 41 c6 bd 46 9b 55 b9 4c ce 4c ae f0 05 1f a3 04 4c e8 43 1d ff |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 519 |
| Entropy: | 5.218667437949908 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { A B 1 6 6 2 D 3 - 8 1 F 4 - 4 C E 6 - 9 1 2 E - 3 7 2 5 6 2 5 2 2 6 4 5 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 0 0 2 9 C 9 A A 0 9 A A 0 9 A A |
| Data Raw: | 49 44 3d 22 7b 41 42 31 36 36 32 44 33 2d 38 31 46 34 2d 34 43 45 36 2d 39 31 32 45 2d 33 37 32 35 36 32 35 32 32 36 34 35 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 4.000719438931664 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.375463798458224 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . U . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 55 1b ea 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-15T09:08:23.188920+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T09:08:29.737992+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 13.107.246.60 | 443 | TCP |
| 2025-03-15T09:08:29.783652+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 13.107.246.60 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 15, 2025 09:08:07.329216957 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:08:07.333942890 CET | 80 | 49729 | 198.12.89.24 | 192.168.2.4 |
| Mar 15, 2025 09:08:07.336731911 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:08:07.336937904 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:08:07.341701984 CET | 80 | 49729 | 198.12.89.24 | 192.168.2.4 |
| Mar 15, 2025 09:08:07.804723024 CET | 80 | 49729 | 198.12.89.24 | 192.168.2.4 |
| Mar 15, 2025 09:08:07.804847956 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:08:12.814197063 CET | 80 | 49729 | 198.12.89.24 | 192.168.2.4 |
| Mar 15, 2025 09:08:12.814270020 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:08:22.492908955 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:22.492948055 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:22.493066072 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:22.493459940 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:22.493473053 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.188730955 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.188920021 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.190766096 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.190788984 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.191076994 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.193684101 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.236331940 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.290680885 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.290704966 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.290719032 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.290788889 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.290790081 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.290808916 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.290869951 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.376214981 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.376241922 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.376302958 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.376326084 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.376339912 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.376507044 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.377666950 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.377682924 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.377743006 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.377767086 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.377787113 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.377928019 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.462610960 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.462630033 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.462713003 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.462747097 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.462789059 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.463499069 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.463515997 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.463593960 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.463608027 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.463754892 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.464270115 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.464287043 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.464334011 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.464349985 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.464574099 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.464963913 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.464977980 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.465034962 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.465049028 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.465066910 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.465140104 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.549566031 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.549592972 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.549640894 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.549664021 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.549674988 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.549706936 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550164938 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550185919 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550246954 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550256014 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550457954 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550484896 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550514936 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550522089 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550550938 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550570965 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550647974 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550668955 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.550717115 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550717115 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.550724030 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551012039 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.551156044 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551170111 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551217079 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.551223040 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551395893 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.551642895 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551657915 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551698923 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.551704884 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.551745892 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.551745892 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.552126884 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.552139997 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.552185059 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.552191973 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.552247047 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.552325010 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.636805058 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636840105 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636871099 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.636900902 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636914968 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.636933088 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636951923 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636969090 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.636975050 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.636996031 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637017965 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637042999 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637212038 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637227058 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637269020 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637275934 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637293100 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637298107 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637320042 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637365103 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637365103 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637372017 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637439966 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637551069 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637566090 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637605906 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637612104 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637638092 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637881994 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637887001 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637892962 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637928963 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.637969017 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.637978077 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638029099 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.638283014 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638299942 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638350964 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.638359070 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638370037 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.638569117 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.638609886 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638624907 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638689995 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.638695002 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.638756990 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.723598003 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723629951 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723681927 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.723705053 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723717928 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723731995 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.723742008 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723752975 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.723761082 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.723781109 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.723819017 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724354029 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724376917 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724432945 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724438906 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724498987 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724519014 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724549055 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724555016 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724576950 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724596024 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724683046 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724699020 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724730968 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724736929 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.724750042 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.724883080 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725183010 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725207090 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725236893 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725241899 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725265026 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725277901 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725347996 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725364923 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725394964 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725399971 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725434065 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725447893 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725465059 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725481033 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725512028 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725517988 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.725542068 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.725554943 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810082912 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810117960 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810175896 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810193062 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810211897 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810220957 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810333014 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810348988 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810394049 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810400963 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810513973 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810606003 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810621977 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810669899 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810676098 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810759068 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810869932 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810884953 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.810933113 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.810939074 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811021090 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.811398029 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811415911 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811460018 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.811465979 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811517954 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.811531067 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811547041 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811597109 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.811602116 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811678886 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.811948061 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.811964035 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.812016010 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.812021017 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.812105894 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.812443018 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.812464952 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.812505007 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.812510014 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.812549114 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.896935940 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.896961927 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897002935 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897013903 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897030115 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897044897 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897389889 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897404909 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897454977 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897460938 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897485018 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897495031 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897547007 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897562027 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897598982 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897604942 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.897624016 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.897640944 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898333073 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898346901 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898411036 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898416996 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898490906 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898509026 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898544073 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898550034 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898569107 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898574114 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898583889 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898590088 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898612022 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898616076 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898637056 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898641109 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.898664951 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.898691893 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.899055958 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899070978 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899118900 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.899125099 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899164915 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899184942 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899219036 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.899225950 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.899251938 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.899262905 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984075069 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984097004 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984139919 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984148026 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984174967 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984224081 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984344959 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984359980 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984397888 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984405994 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984469891 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984491110 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984524012 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984530926 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984540939 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984566927 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984883070 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984903097 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.984961033 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.984966993 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985002995 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985025883 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985246897 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985268116 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985301018 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985306025 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985337019 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985409975 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985456944 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985472918 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985516071 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985522032 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985538960 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985558033 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.985939980 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.985955000 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.986011982 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.986017942 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.986042023 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.986068964 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.986155987 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.986172915 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.986205101 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.986211061 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:23.986222029 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:23.986247063 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071007967 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071026087 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071084976 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071099997 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071147919 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071240902 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071255922 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071295023 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071302891 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071348906 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071419001 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071436882 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071475029 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071480036 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071736097 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071780920 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071798086 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.071835995 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.071841955 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.072146893 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.072150946 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.072160006 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.072187901 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.072212934 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.072221041 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.072231054 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.072258949 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.073008060 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.073024988 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.073065996 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.073074102 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.073126078 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.074388027 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.074404955 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.074443102 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.074449062 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.074489117 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.074531078 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.075154066 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.075176954 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.075217962 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.075237036 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.075319052 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158009052 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158032894 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158080101 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158092022 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158121109 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158150911 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158386946 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158404112 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158449888 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158457994 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158555984 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158556938 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158569098 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158592939 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158597946 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158613920 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158617973 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158642054 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158669949 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158742905 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158759117 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158787012 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158792973 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.158818960 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.158835888 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.159015894 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.159032106 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.159066916 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.159073114 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.159100056 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.159110069 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.159941912 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.159972906 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.160001040 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.160007000 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.160037041 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.160060883 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.161068916 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.161150932 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.161199093 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.161226034 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.161237955 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.161237955 CET | 49732 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:24.161247969 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:24.161254883 CET | 443 | 49732 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.056768894 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.056797981 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.057447910 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.059914112 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.059947014 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.060277939 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.060616970 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.060630083 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.061273098 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.061284065 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.694494963 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.735517025 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.737992048 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.783652067 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.783653975 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.783663034 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.783663034 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.784230947 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.784235954 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.785887957 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.785892963 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.880345106 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.880404949 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.880490065 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.880742073 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.880757093 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.880765915 CET | 49735 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.880773067 CET | 443 | 49735 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886096001 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886121988 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886169910 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.886181116 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886296034 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886346102 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.886862993 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.886879921 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:08:29.886888981 CET | 49734 | 443 | 192.168.2.4 | 13.107.246.60 |
| Mar 15, 2025 09:08:29.886894941 CET | 443 | 49734 | 13.107.246.60 | 192.168.2.4 |
| Mar 15, 2025 09:09:05.285116911 CET | 49729 | 80 | 192.168.2.4 | 198.12.89.24 |
| Mar 15, 2025 09:09:05.289863110 CET | 80 | 49729 | 198.12.89.24 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 15, 2025 09:08:22.472992897 CET | 58447 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 15, 2025 09:08:22.491887093 CET | 53 | 58447 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 15, 2025 09:08:22.472992897 CET | 192.168.2.4 | 1.1.1.1 | 0x543a | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 15, 2025 09:07:17.132972002 CET | 1.1.1.1 | 192.168.2.4 | 0x2271 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 09:07:17.132972002 CET | 1.1.1.1 | 192.168.2.4 | 0x2271 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 09:07:17.132972002 CET | 1.1.1.1 | 192.168.2.4 | 0x2271 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 09:07:18.457608938 CET | 1.1.1.1 | 192.168.2.4 | 0xb238 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 09:07:18.457608938 CET | 1.1.1.1 | 192.168.2.4 | 0xb238 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 15, 2025 09:08:22.491887093 CET | 1.1.1.1 | 192.168.2.4 | 0x543a | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 09:08:22.491887093 CET | 1.1.1.1 | 192.168.2.4 | 0x543a | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 09:08:22.491887093 CET | 1.1.1.1 | 192.168.2.4 | 0x543a | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 09:08:22.491887093 CET | 1.1.1.1 | 192.168.2.4 | 0x543a | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 15, 2025 09:08:22.491887093 CET | 1.1.1.1 | 192.168.2.4 | 0x543a | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49729 | 198.12.89.24 | 80 | 7860 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 15, 2025 09:08:07.336937904 CET | 246 | OUT | |
| Mar 15, 2025 09:08:07.804723024 CET | 539 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49732 | 13.107.246.60 | 443 | 7860 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 08:08:23 UTC | 226 | OUT | |
| 2025-03-15 08:08:23 UTC | 472 | IN | |
| 2025-03-15 08:08:23 UTC | 15912 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN | |
| 2025-03-15 08:08:23 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49735 | 13.107.246.60 | 443 | 7860 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 08:08:29 UTC | 214 | OUT | |
| 2025-03-15 08:08:29 UTC | 491 | IN | |
| 2025-03-15 08:08:29 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49734 | 13.107.246.60 | 443 | 7860 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-15 08:08:29 UTC | 214 | OUT | |
| 2025-03-15 08:08:29 UTC | 494 | IN | |
| 2025-03-15 08:08:29 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 04:07:12 |
| Start date: | 15/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa30000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 04:08:18 |
| Start date: | 15/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff626c00000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 16 |
| Start time: | 04:08:26 |
| Start date: | 15/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa30000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly