Windows
Analysis Report
PURCHASE ORDER 5172025.xla.xlsx
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
EXCEL.EXE (PID: 8128 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" /automatio n -Embeddi ng MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77) splwow64.exe (PID: 8164 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 4C1F48431A4C5DE7841216C32CD98C46)
appidpolicyconverter.exe (PID: 2180 cmdline:
"C:\Window s\system32 \appidpoli cyconverte r.exe" MD5: 6567D9CF2545FAAC60974D9D682700D4) conhost.exe (PID: 3756 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 9698384842DA735D80D278A427A229AB)
EXCEL.EXE (PID: 6620 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" "C:\Users\ user\Deskt op\PURCHAS E ORDER 51 72025.xla. xlsx" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
- cleanup
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Directory created: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Memory has grown: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD00A6776F/\x1Ole' : |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Directory created: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD00A6776E/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | Virustotal | Browse | ||
22% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
host1.emobility.energy | 162.19.137.157 | true | false | high | |
a726.dscd.akamai.net | 23.44.136.151 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high | |
t.emobility.energy | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
162.19.137.157 | host1.emobility.energy | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1648273 |
Start date and time: | 2025-03-25 17:49:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PURCHASE ORDER 5172025.xla.xlsx |
Detection: | MAL |
Classification: | mal48.winXLSX@6/9@2/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, appidcertstorecheck.e xe, conhost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 52.109.6.53, 52.10 9.4.7, 52.109.13.127, 52.168.1 17.175, 52.109.8.89, 52.168.11 7.168, 172.202.163.200, 52.123 .129.14, 20.190.135.16, 184.31 .69.3, 20.42.73.28, 23.44.136. 151, 23.44.136.179 - Excluded domains from analysis
(whitelisted): us1.odcsm1.liv e.com.akadns.net, odc.officeap ps.live.com, slscr.update.micr osoft.com, res-1.cdn.office.ne t, cus-config.officeapps.live. com, mobile.events.data.micros oft.com, roaming.officeapps.li ve.com, dual-s-0005-office.con fig.skype.com, login.live.com, eus2-azsc-config.officeapps.l ive.com, officeclient.microsof t.com, osiprod-eus2-bronze-azs c-000.eastus2.cloudapp.azure.c om, c.pki.goog, assets.msn.com , ecs.office.com, fs.microsoft .com, eus-azsc-000.roaming.off iceapps.live.com, prod.configs vc1.live.com.akadns.net, uci.c dn.office.net, ctldl.windowsup date.com, onedscolprdeus19.eas tus.cloudapp.azure.com, prod.r oaming1.live.com.akadns.net, r es-stls-prod.edgesuite.net, fe 3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns. net, eus2-azsc-000.odc.officea pps.live.com, res-prod.traffic manager.net, config.officeapps .live.com, us.configsvc1.live. com.akadns.net, onedscolprdeus 07.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, res.cdn.office.net, prod.odcs m1.l - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Report size getting too big, t
oo many NtSetValueKey calls fo und.
Time | Type | Description |
---|---|---|
12:51:17 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
162.19.137.157 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, Lokibot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
host1.emobility.energy | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
a726.dscd.akamai.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-part-0012.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CENTURYLINK-US-LEGACY-QWESTUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
258a5a1e95b8a911872bae9081526644 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 8.112143835430977E-5 |
Encrypted: | false |
SSDEEP: | 3:Tuekk9NJtHFfs1XsExe/t:qeVJ8 |
MD5: | AFDEAC461EEC32D754D8E6017E845D21 |
SHA1: | 5D0874C19B70638A0737696AEEE55BFCC80D7ED8 |
SHA-256: | 3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2 |
SHA-512: | CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 71 |
Entropy (8bit): | 4.3462513114457515 |
Encrypted: | false |
SSDEEP: | 3:Tuekk9NJtHFfs1XsExen:qeVJ8u |
MD5: | 8F4510F128F81A8BAF2A345D00F7E30C |
SHA1: | 8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37 |
SHA-256: | 15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9 |
SHA-512: | 78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.21642373320021804 |
Encrypted: | false |
SSDEEP: | 1536:/RxNgYuqWKjSPXs7NqTf10YhElCCyjj4wT8W2Fs7v2i1/2vmcnyzJtoO+PTgEjXk:f+XLd0YnCyDR0W288B9ZBr7 |
MD5: | FF4F8E88E02001D667DB23A6E7EEA175 |
SHA1: | F94E4AF746849E075F9AD23F36080B14169C04B3 |
SHA-256: | 76319F389920E2A78041ED938CAB9390E21C3B4A6056362ABE7147AC07F9B459 |
SHA-512: | D0CE7FC9F89BB7BA4E0DAD97B47DF859CABEC3F30DBF850349D9E84DB7CBC12CDC0662CE6C375BE05CC07621DE39369B2214E65487091F920E951B0D5105D081 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 261360 |
Entropy (8bit): | 5.150946418525623 |
Encrypted: | false |
SSDEEP: | 1536:+yjmk2lqze636Nouywz+7qZkIt0jbmTKdYtHMd347btcZkb3N9FDDBukbcxdgsM5:NSkr6NOwz4gp99ZBr7LvJ |
MD5: | C9366DF5AC8EB603F9336596ECD03F34 |
SHA1: | CD1D64283F94C067813C86910348BED2D88EB2FF |
SHA-256: | AC8416C2DEACE647FED00ADA1E2CFB032DC20BFF5A0CDA1830CBA02D55FE7BE2 |
SHA-512: | EB9276268D882A7D9344231A5D9BAFE367A9D17651F433BA31BF704713BBED1A8DD2D1C31B656E930AD68E8FD14DA7464DD9151D30A2389421B4D5B07B1F3B2C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:ZaFuMulv:ZaFutv |
MD5: | FBC4AD8A314E46493E8D3E9CABCCC98F |
SHA1: | 2B63B4CE7BDDE94EE0340E9F889E9DD51F7CF5F1 |
SHA-256: | 7A3B16347DDDFCB28958C144FD51FFFC60301893AA3327708F698771F628FBD7 |
SHA-512: | 7D570241B7B9DD20B443BF3CE2CFB1989A603DAB40ED33ED440D6AB5486E68898A622041280D60F41CF450B1E07F465F7DE1C416493EECE5E31AA2577A3C91B3 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.982615142561084 |
TrID: |
|
File name: | PURCHASE ORDER 5172025.xla.xlsx |
File size: | 1'268'224 bytes |
MD5: | e79caec024d0abddc288e30c2c974945 |
SHA1: | 2e56b64b76874ae950f7d71b115fff184e0b33f3 |
SHA256: | fb12a393e8260ef0e83bb670f86e19ce598b14bb9bbb8f90d27b573a310180f5 |
SHA512: | b4870c6be966a5c016f5a16d911bfb792c43a6f1c78b8cfe34bf989e01479ed4b845dfd9d356303985063988d8f18524cfe65abe08d68ffd851fdbb927bb2267 |
SSDEEP: | 24576:YN/dT0Hr47PD4UTqRgJ+pn0M9cWNVDfrsnlf:YNFTs4DD4hg00MtDDTM1 |
TLSH: | 694523A87BC1CFA6C5FB55FD48A6A9154006FCC0A26B97477241B7CE7530378838B68B |
File Content Preview: | ........................>...................................v...................................................................................y.......{...................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-25 10:25:39 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 bd e1 ca 7f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 bd e1 e5 40 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 bd e1 69 15 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . t 1 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 bd e1 74 31 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2603503175049817 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . S . A p . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD00A6776E/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00A6776E/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 1099154 |
Entropy: | 7.995034746087403 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00A6776F/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 494 |
Entropy: | 5.845279778686223 |
Base64 Encoded: | False |
Data ASCII: | . . . . H . . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . t . . . e . m . o . b . i . l . i . t . y . . . e . n . e . r . g . y . / . k . q . Q . 8 . b . I . . . i 2 h A $ . 9 v . M . | " | . ^ } . . . 2 . . p 4 1 = M [ z T E ^ ~ I i . - = . A X ' ` . . r G | p . B ' $ G * z F v . \\ x w Y Y n B Z X " ] \\ H . l $ W J d , W | J . S A / g } . ] . . . . . . . . . . . . . . . . . . . Z . D . L . b . T . 8 . c . a . d . B . E . l . R . x . 8 . V . v . N . 0 . Y . M . s . R . |
Data Raw: | 01 00 00 02 8f 48 a6 20 03 b0 a1 13 00 00 00 00 00 00 00 00 00 00 00 00 f6 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b f2 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 74 00 2e 00 65 00 6d 00 6f 00 62 00 69 00 6c 00 69 00 74 00 79 00 2e 00 65 00 6e 00 65 00 72 00 67 00 79 00 2f 00 6b 00 71 00 51 00 38 00 62 00 49 00 00 00 69 df 32 68 8c dc 41 24 13 39 fb 76 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 144844 |
Entropy: | 7.99545252584344 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . ; / @ ] ; ] X . . . 2 z u : Z 6 . : . ~ . : @ D o . * E . ~ } . . . . . . . . . . . U . . . \\ . p . . W g b O . l N f y I . : ~ . . . U 6 . p ; Z z " N 3 j ] > . ` , . 4 . 0 . # ^ . F v ! . g e b e V q . T o . . C h G B . . . a . . . " . . . = . . . . x . . . n Y : . . ; o . j . . . . . . . . . . . y a . . . . w . . . . . . . = . . . X ^ . . ? O 5 . i G @ . . . . . . . } " . . . L r . . . . . . . r . . . A 1 . . . w R ? ( Y " G j k r . . > . e . 1 . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 18 3b 2f 40 f2 5d 3b 5d 58 d7 9a 01 ef cf 85 ec 32 7a af 75 3a 5a e4 f3 36 d5 a5 3a 1d 7e 7f 3a 84 40 ac 44 6f 0e 2a 9a 20 45 f5 dc 9a 7e 7d 12 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 55 b0 e2 00 00 00 5c 00 70 00 aa b5 e6 a6 b9 f0 57 67 62 94 4f 1b ba 6c 4e d1 cb d8 66 f9 e2 79 b6 a0 49 d8 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 531 |
Entropy: | 5.22065657326829 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 1 2 F 7 0 6 2 C - 6 A 4 9 - 4 1 0 5 - B F D 6 - F 4 8 3 3 1 8 3 3 3 5 E } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C 7 C 5 6 C A 4 9 4 A C 6 C B 0 6 |
Data Raw: | 49 44 3d 22 7b 31 32 46 37 30 36 32 43 2d 36 41 34 39 2d 34 31 30 35 2d 42 46 44 36 2d 46 34 38 33 33 31 38 33 33 33 35 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.989996811732665 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.357006260243376 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . S . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 53 12 fa 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
- Total Packets: 46
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2025 17:51:09.285326958 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.285372019 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.285501003 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.286550999 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.286569118 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.680623055 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.680818081 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.686080933 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.686088085 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.687295914 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.687374115 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.688914061 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.689302921 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.689507961 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.689516068 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:09.689694881 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.690588951 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:09.732275009 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.077702999 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.077790022 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.077903986 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.084120035 CET | 49723 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.084135056 CET | 443 | 49723 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.086297989 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.086319923 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.086477041 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.087414980 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.087425947 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.462282896 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.462791920 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.463980913 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.463985920 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.464361906 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.464431047 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.466022015 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.466090918 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.466140032 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.466140032 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.512280941 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.843539000 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.843574047 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.843647003 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.843717098 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.843717098 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.854444027 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.854444027 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:10.854465008 CET | 443 | 49724 | 162.19.137.157 | 192.168.2.27 |
Mar 25, 2025 17:51:10.854578018 CET | 49724 | 443 | 192.168.2.27 | 162.19.137.157 |
Mar 25, 2025 17:51:24.760730028 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.760795116 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:24.760869026 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.760935068 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.760983944 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:24.761128902 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.761284113 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.761300087 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:24.761528015 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:24.761550903 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.069134951 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.069225073 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.070225000 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.070297956 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.073126078 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.073137999 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.073260069 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.073271036 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.073441029 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.073549032 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.084428072 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.084455967 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.128262997 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.128278971 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.261396885 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.261604071 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.261764050 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.262283087 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.262305021 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.262315035 CET | 49731 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.262320995 CET | 443 | 49731 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.294441938 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.294460058 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.294512987 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Mar 25, 2025 17:51:25.294560909 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.294586897 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.294868946 CET | 49730 | 443 | 192.168.2.27 | 13.107.246.40 |
Mar 25, 2025 17:51:25.294889927 CET | 443 | 49730 | 13.107.246.40 | 192.168.2.27 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2025 17:51:09.132519960 CET | 59737 | 53 | 192.168.2.27 | 1.1.1.1 |
Mar 25, 2025 17:51:09.284486055 CET | 53 | 59737 | 1.1.1.1 | 192.168.2.27 |
Mar 25, 2025 17:51:24.603542089 CET | 59737 | 53 | 192.168.2.27 | 1.1.1.1 |
Mar 25, 2025 17:51:24.759725094 CET | 53 | 59737 | 1.1.1.1 | 192.168.2.27 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 25, 2025 17:51:09.132519960 CET | 192.168.2.27 | 1.1.1.1 | 0x6df5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 25, 2025 17:51:24.603542089 CET | 192.168.2.27 | 1.1.1.1 | 0xba2c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 25, 2025 17:50:22.220992088 CET | 1.1.1.1 | 192.168.2.27 | 0x45aa | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:50:22.220992088 CET | 1.1.1.1 | 192.168.2.27 | 0x45aa | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:50:22.220992088 CET | 1.1.1.1 | 192.168.2.27 | 0x45aa | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:09.284486055 CET | 1.1.1.1 | 192.168.2.27 | 0x6df5 | No error (0) | host1.emobility.energy | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:09.284486055 CET | 1.1.1.1 | 192.168.2.27 | 0x6df5 | No error (0) | 162.19.137.157 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | a726.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.151 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.161 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.159 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.155 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.152 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.147 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.156 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.150 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:20.438862085 CET | 1.1.1.1 | 192.168.2.27 | 0xbb69 | No error (0) | 23.44.136.157 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:24.759725094 CET | 1.1.1.1 | 192.168.2.27 | 0xba2c | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:24.759725094 CET | 1.1.1.1 | 192.168.2.27 | 0xba2c | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:24.759725094 CET | 1.1.1.1 | 192.168.2.27 | 0xba2c | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:24.759725094 CET | 1.1.1.1 | 192.168.2.27 | 0xba2c | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:24.759725094 CET | 1.1.1.1 | 192.168.2.27 | 0xba2c | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | a726.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.179 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.184 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.175 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.185 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.183 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.182 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.180 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.186 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 17:51:36.909840107 CET | 1.1.1.1 | 192.168.2.27 | 0xe296 | No error (0) | 23.44.136.181 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.27 | 49723 | 162.19.137.157 | 443 | 8128 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 16:51:09 UTC | 222 | OUT | |
2025-03-25 16:51:10 UTC | 539 | IN | |
2025-03-25 16:51:10 UTC | 38 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.27 | 49724 | 162.19.137.157 | 443 | 8128 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 16:51:10 UTC | 219 | OUT | |
2025-03-25 16:51:10 UTC | 590 | IN | |
2025-03-25 16:51:10 UTC | 4645 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.27 | 49731 | 13.107.246.40 | 443 | 8128 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 16:51:25 UTC | 214 | OUT | |
2025-03-25 16:51:25 UTC | 491 | IN | |
2025-03-25 16:51:25 UTC | 461 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.27 | 49730 | 13.107.246.40 | 443 | 8128 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 16:51:25 UTC | 215 | OUT | |
2025-03-25 16:51:25 UTC | 515 | IN | |
2025-03-25 16:51:25 UTC | 2781 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 12:50:14 |
Start date: | 25/03/2025 |
Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6879a0000 |
File size: | 70'082'712 bytes |
MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 8 |
Start time: | 12:50:31 |
Start date: | 25/03/2025 |
Path: | C:\Windows\System32\appidpolicyconverter.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7dd3c0000 |
File size: | 155'648 bytes |
MD5 hash: | 6567D9CF2545FAAC60974D9D682700D4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 12:50:31 |
Start date: | 25/03/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7639b0000 |
File size: | 1'040'384 bytes |
MD5 hash: | 9698384842DA735D80D278A427A229AB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 14 |
Start time: | 12:51:17 |
Start date: | 25/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff679610000 |
File size: | 192'512 bytes |
MD5 hash: | 4C1F48431A4C5DE7841216C32CD98C46 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 18 |
Start time: | 12:51:31 |
Start date: | 25/03/2025 |
Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6879a0000 |
File size: | 70'082'712 bytes |
MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |