Edit tour
Windows
Analysis Report
Transferencia de pago.xla.xlsx
Overview
General Information
| Sample name: | Transferencia de pago.xla.xlsx |
| Analysis ID: | 1648781 |
| MD5: | e2fa9ae74472cc7853c57c2e01e5ca78 |
| SHA1: | 4f3c924772d7ed5767bcd13b2969ea98204ac146 |
| SHA256: | 43c68b7dd1c862d41e95e3db196a0d2005df40d3f19c3ae0b580cc21863ea81d |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6712 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 5280 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 2176 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 2444 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\T ransferenc ia de pago .xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T08:03:38.155740+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:03:44.653752+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:03:44.658788+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD00BF1C46/\x1Ole' : | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00BF1C45/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 39% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 29% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| agr.my | 147.79.86.93 | true | false | unknown | |
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false | |
| 192.3.216.141 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1648781 |
| Start date and time: | 2025-03-26 08:01:25 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 18 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Transferencia de pago.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.expl.winXLSX@6/4@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.8.89, 184.3 1.69.3, 52.109.16.112, 199.232 .210.172, 51.105.71.137, 13.69 .239.73, 52.123.129.14, 20.12. 23.50, 40.126.35.151 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, cus-config.offic eapps.live.com, fs-wildcard.mi crosoft.com.edgekey.net, fs-wi ldcard.microsoft.com.edgekey.n et.globalredir.akadns.net, e16 604.dscf.akamaiedge.net, osipr od-ncus-buff-azsc-000.northcen tralus.cloudapp.azure.com, ncu s-azsc-000.roaming.officeapps. live.com, mobile.events.data.m icrosoft.com, roaming.officeap ps.live.com, onedscolprduks03. uksouth.cloudapp.azure.com, du al-s-0005-office.config.skype. com, login.live.com, onedscolp rdneu03.northeurope.cloudapp.a zure.com, officeclient.microso ft.com, prod.fs.microsoft.com. akadns.net, c.pki.goog, wu-b-n et.trafficmanager.net, ecs.off ice.com, self-events-data.traf ficmanager.net, fs.microsoft.c om, ctldl.windowsupdate.com.de livery.microsoft.com, prod.con figsvc1.live.com.akadns.net, s elf.events.data.microsoft.com, ctldl.windowsupdate.com, prod .roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.c om, us1.roaming1.live.com.akad ns.net, config.officeapps.live .com, us.configsvc1.live.com.a kadn - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTP raw data packets hav
e been limited to 10 per sessi on. Please view the PCAPs for the complete data. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:03:31 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 192.3.216.141 | Get hash | malicious | Cobalt Strike, AgentTesla | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
| Get hash | malicious | Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | CryptOne, LummaC Stealer, Socks5Systemz | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| s-part-0012.t-0009.t-msedge.net | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| EKSENBILISIMTR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gabagool | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gabagool | Browse |
| ||
| AS-COLOCROSSINGUS | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DarkVision Rat | Browse |
| ||
| Get hash | malicious | DBatLoader, Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | CryptOne, LummaC Stealer, Socks5Systemz | Browse |
| ||
| Get hash | malicious | GO Backdoor, LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9821744334496545 |
| TrID: |
|
| File name: | Transferencia de pago.xla.xlsx |
| File size: | 1'263'104 bytes |
| MD5: | e2fa9ae74472cc7853c57c2e01e5ca78 |
| SHA1: | 4f3c924772d7ed5767bcd13b2969ea98204ac146 |
| SHA256: | 43c68b7dd1c862d41e95e3db196a0d2005df40d3f19c3ae0b580cc21863ea81d |
| SHA512: | e0846233d1e0e5a6387942ed500c207075f71a930f40b3b6cfa0aebcbef6813025717cb9bd5b78134d89c485af1607c435fe85852bfd944aa6893f867ce0f070 |
| SSDEEP: | 24576:Qk/BbDqMApAUspxvqbY43WZHzn0M9cWNVDfrsnlbhSpAF:QcRwEpxybY43WF0MtDDTMN4pAF |
| TLSH: | 034533A4BB80DA73C9B244BC459BCA998425FC407799C7633249B34E39317B1829F6CF |
| File Content Preview: | ........................>...................................v...................................................................................y.......{...................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-25 17:36:20 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 82 ec 0b 30 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 82 ec 20 0f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 82 ec b4 45 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w a . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 82 ec 77 61 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.244124755015799 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . p k . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00BF1C45/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00BF1C45/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 1099178 |
| Entropy: | 7.995128594036676 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00BF1C46/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 624 |
| Entropy: | 5.516470831366188 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . % { I R . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . K . K . h . F . 4 . w . ? . & . i . n . s . o . l . e . n . c . e . = . n . a . u . s . e . a . t . i . n . g . & . p . r . e . s . i . d . e . n . t . . . . ) _ D . . _ O . . ? S . . , > $ . 5 . . J . . , 7 | . 1 ~ . . $ . . . J p & n e . w . x O ^ 7 . r . V 2 B . - D . . ? . e _ R ~ . W S . 7 ' [ ) . $ i - . l _ m . . ( | C c . Y h . . . . . . . . . . . . . . . . . . . . 1 . G . |
| Data Raw: | 01 00 00 02 9f 25 ab 7b a6 a9 49 52 00 00 00 00 00 00 00 00 00 00 00 00 0e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 0a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 4b 00 4b 00 68 00 46 00 34 00 77 00 3f 00 26 00 69 00 6e 00 73 00 6f 00 6c 00 65 00 6e 00 63 00 65 00 3d 00 6e 00 61 00 75 00 73 00 65 00 61 00 74 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 139413 |
| Entropy: | 7.99483810742049 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . } . . . / O H I . . S : % j . Z e . . M . . . . . . . . . . . 7 . . . \\ . p . . T . . . . o . z l . > | \\ u u z H O . i w S . e E . C ) . U ' q P . . . t . . S o r N 1 3 . . A j . . . 2 . ^ 5 B . . . E a . . . m . . . = . . . o . Q . . . o u ; . . 4 b ] . . . C . . . . L 4 . . . . Q t . . . . k . . . . . . . . = . . . . . . 8 . . x 4 . [ @ . . . ) . . . . I " . . . z . . . . Y . . . r . . . 1 . . . 1 < H 9 ( E Q < . . 2 1 . . l 1 . * W i t 1 . . . ( |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 b6 9c 9a d4 7d a5 a2 04 05 ae d7 85 2f 4f 48 be 8f 49 1c f3 f7 05 9d c3 eb 53 f8 3a 25 d5 6a 94 f3 eb 09 dd 5a 65 07 dc f2 b6 fb a5 88 1a 4d 10 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 b6 37 e2 00 00 00 5c 00 70 00 8a fa da 02 20 54 fe 03 08 02 fc b0 b2 07 6f d3 7f 7a 6c 7f a0 f5 3e 88 7c 9d |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 529 |
| Entropy: | 5.2271416516677 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 4 F A 9 0 6 3 7 - C 5 6 6 - 4 F 2 9 - B E 2 6 - 0 0 0 0 C 5 F 3 D 8 F D } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 5 3 7 E A 0 B 1 A 2 C 1 E 2 C 1 |
| Data Raw: | 49 44 3d 22 7b 34 46 41 39 30 36 33 37 2d 43 35 36 36 2d 34 46 32 39 2d 42 45 32 36 2d 30 30 30 30 43 35 46 33 44 38 46 44 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.982454728658767 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.347887118253599 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . w i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 c1 77 fa 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T08:03:38.155740+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:03:44.653752+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T08:03:44.658788+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | TCP |
- Total Packets: 206
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 08:03:22.498296976 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.498326063 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:22.498420954 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.498672962 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.498703957 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:22.943947077 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:22.944071054 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.948029041 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.948034048 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:22.948344946 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:22.948451042 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.948779106 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:22.996273041 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.410742998 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.410813093 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:23.410824060 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.410836935 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.410876036 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:23.576432943 CET | 49697 | 443 | 192.168.2.7 | 147.79.86.93 |
| Mar 26, 2025 08:03:23.576443911 CET | 443 | 49697 | 147.79.86.93 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.578300953 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.730302095 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.730472088 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.730647087 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.886694908 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.886714935 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.886784077 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.886784077 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.890853882 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.890873909 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.890944958 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.890954971 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.890954971 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.890961885 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.890978098 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.890990973 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.890995026 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.891025066 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.891025066 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.891033888 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.891050100 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:23.891069889 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.891088009 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:23.891088009 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:24.041085005 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:24.041141987 CET | 80 | 49698 | 192.3.216.141 | 192.168.2.7 |
| Mar 26, 2025 08:03:24.041187048 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:24.041187048 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:24.613662004 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:24.613704920 CET | 49698 | 80 | 192.168.2.7 | 192.3.216.141 |
| Mar 26, 2025 08:03:37.866345882 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:37.866405964 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:37.869461060 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:37.869889021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:37.869916916 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.155668020 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.155740023 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.157723904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.157742023 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.157988071 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.159393072 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.200277090 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.469104052 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.469131947 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.469147921 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.469209909 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.469260931 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.469316959 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.500199080 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.500219107 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.500307083 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.500335932 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.501461029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.566855907 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.566875935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.566994905 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.567028999 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.569462061 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.585324049 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.585354090 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.585447073 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.585484982 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.589461088 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.606179953 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.606199026 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.606246948 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.606288910 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.606307983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.609446049 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.663077116 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.663098097 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.663177013 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.663213015 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.665443897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.691137075 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.691155910 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.691320896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.691351891 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.693439960 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.719152927 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.719180107 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.719255924 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.719283104 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.719300032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.720843077 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.758739948 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.758764982 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.758850098 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.758882046 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.761452913 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.786397934 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.786422014 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.786544085 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.786573887 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.788508892 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.813534021 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.813558102 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.813611984 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.813642025 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.813654900 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.814623117 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.851253033 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.851279974 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.851421118 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.851449966 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.851497889 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.877393007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.877413034 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.877497911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.877513885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.877551079 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.903862953 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.903879881 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.903940916 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.903963089 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.904103041 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.933876991 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.933942080 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.933979988 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.934026957 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.934043884 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.934200048 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.964116096 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.964164972 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.964205027 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.964225054 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.964250088 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.964272022 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.986745119 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.986767054 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.986828089 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:38.986843109 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:38.986922979 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.013541937 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.013600111 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.013633013 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.013680935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.013698101 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.013714075 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.043405056 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.043467045 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.043471098 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.043500900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.043524027 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.043539047 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.066720963 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.066771984 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.066795111 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.066816092 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.066828012 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.066849947 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.091968060 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.092024088 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.092051029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.092087984 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.092111111 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.092133045 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.119074106 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.119097948 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.119143009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.119154930 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.119190931 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.119211912 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.143145084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.143171072 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.143230915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.143241882 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.143294096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.171173096 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.171190023 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.171261072 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.171268940 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.171370983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.203867912 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.203883886 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.203924894 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.203933954 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.203957081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.203989983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.215701103 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.215717077 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.215770960 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.215776920 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.215845108 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.259562016 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.259588003 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.259639025 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.259664059 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.259685040 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.259829998 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.278825998 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.278844118 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.278906107 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.278918028 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.278955936 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.299984932 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.300003052 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.300060987 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.300072908 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.300105095 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.350219011 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.350249052 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.350289106 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.350301027 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.350347042 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.353240013 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.353256941 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.353311062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.353319883 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.353353024 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496227026 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496268034 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496326923 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496340036 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496356964 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496412992 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496417999 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496438980 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496457100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496470928 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496489048 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496511936 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496546984 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496548891 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496562004 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496579885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496625900 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496635914 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.496654034 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.496686935 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.509257078 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.509290934 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.509344101 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.509352922 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.509402990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.547384977 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.547416925 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.547475100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.547502995 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.547548056 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.547548056 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.583385944 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.583422899 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.583473921 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.583504915 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.583518982 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.583544016 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.616614103 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.616645098 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.616691113 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.616719007 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.616733074 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.616759062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.652071953 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.652110100 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.652160883 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.652189016 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.652204037 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.652230978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.680545092 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.680571079 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.680668116 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.680708885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.681446075 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.713833094 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.713861942 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.713921070 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.713957071 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.713973045 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.714016914 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.745758057 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.745788097 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.745830059 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.745862961 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.745878935 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.745973110 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.779381037 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.779409885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.779458046 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.779494047 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.779510975 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.779532909 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.804419041 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.804447889 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.804512978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.804547071 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.804568052 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.804688931 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.837140083 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.837165117 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.837241888 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.837272882 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.837291956 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.837318897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.866771936 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.866803885 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.866837978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.866867065 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.866883993 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.866933107 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.896038055 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.896075964 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.896105051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.896130085 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.896150112 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.896316051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.926702023 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.926737070 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.926774025 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.926800966 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.926821947 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.926845074 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.948242903 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.948273897 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.948368073 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.948406935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.948422909 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.948611021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.980961084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.980988026 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.981026888 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.981041908 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:39.981053114 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:39.981082916 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.013916969 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.013952017 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.014014006 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.014044046 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.014059067 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.014435053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.037549973 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.037576914 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.037632942 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.037642002 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.037689924 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.061263084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.061290026 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.061352968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.061363935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.061383009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.061405897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.095912933 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.095940113 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.096036911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.096064091 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.096152067 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.117346048 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.117372036 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.117430925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.117460966 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.117479086 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.117538929 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.147501945 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.147526979 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.147589922 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.147620916 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.147645950 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.147757053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.183965921 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.183990002 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.184056044 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.184086084 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.184293032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.205974102 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.206007004 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.206046104 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.206058025 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.206098080 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.232496023 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.232532024 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.232577085 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.232587099 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.232624054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.262846947 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.262873888 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.262928009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.262954950 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.262969971 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.262994051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.290483952 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.290507078 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.290572882 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.290595055 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.290616989 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.290647030 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.313654900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.313679934 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.313755035 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.313776016 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.313805103 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.334048986 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.334070921 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.334156990 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.334178925 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.334192991 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.334214926 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.368294954 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.368315935 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.368364096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.368381977 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.368412971 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.368431091 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.393579960 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.393614054 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.393663883 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.393699884 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.393713951 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.393754959 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.416323900 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.416351080 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.416410923 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.416420937 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.416456938 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.417926073 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.418009996 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.418081999 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.418107986 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.418122053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.418122053 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:40.418131113 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:40.418137074 CET | 443 | 49700 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.365361929 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.365412951 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.366121054 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.366296053 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.366306067 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.366771936 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.366816998 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.366910934 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.367124081 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.367141962 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.652460098 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.653752089 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.653790951 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.654886007 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.654898882 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.658170938 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.658787966 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.658802032 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.659764051 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.659770012 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.835969925 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.835994959 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.836056948 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.836071968 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.836107969 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.836363077 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.836384058 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.836394072 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.836400032 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.845886946 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.846369982 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.846565008 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.846635103 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.846652031 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Mar 26, 2025 08:03:44.846664906 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.40 |
| Mar 26, 2025 08:03:44.846669912 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 08:03:22.383100033 CET | 53769 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 08:03:22.497399092 CET | 53 | 53769 | 1.1.1.1 | 192.168.2.7 |
| Mar 26, 2025 08:03:37.742518902 CET | 60033 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 26, 2025 08:03:37.864866018 CET | 53 | 60033 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 08:03:22.383100033 CET | 192.168.2.7 | 1.1.1.1 | 0xaabe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 26, 2025 08:03:37.742518902 CET | 192.168.2.7 | 1.1.1.1 | 0x657c | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 08:02:33.005079031 CET | 1.1.1.1 | 192.168.2.7 | 0x47ae | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:02:33.005079031 CET | 1.1.1.1 | 192.168.2.7 | 0x47ae | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:02:33.005079031 CET | 1.1.1.1 | 192.168.2.7 | 0x47ae | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:02:33.517287016 CET | 1.1.1.1 | 192.168.2.7 | 0x25cd | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:02:33.517287016 CET | 1.1.1.1 | 192.168.2.7 | 0x25cd | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:22.497399092 CET | 1.1.1.1 | 192.168.2.7 | 0xaabe | No error (0) | 147.79.86.93 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:37.864866018 CET | 1.1.1.1 | 192.168.2.7 | 0x657c | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:37.864866018 CET | 1.1.1.1 | 192.168.2.7 | 0x657c | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:37.864866018 CET | 1.1.1.1 | 192.168.2.7 | 0x657c | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:37.864866018 CET | 1.1.1.1 | 192.168.2.7 | 0x657c | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 08:03:37.864866018 CET | 1.1.1.1 | 192.168.2.7 | 0x657c | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49698 | 192.3.216.141 | 80 | 6712 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 26, 2025 08:03:23.730647087 CET | 241 | OUT | |
| Mar 26, 2025 08:03:23.886694908 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.886714935 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890853882 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890873909 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890944958 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890961885 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890978098 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.890995026 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.891033888 CET | 1254 | IN | |
| Mar 26, 2025 08:03:23.891050100 CET | 1254 | IN | |
| Mar 26, 2025 08:03:24.041085005 CET | 1254 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49697 | 147.79.86.93 | 443 | 6712 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:03:22 UTC | 222 | OUT | |
| 2025-03-26 07:03:23 UTC | 452 | IN | |
| 2025-03-26 07:03:23 UTC | 93 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49700 | 13.107.246.40 | 443 | 6712 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:03:38 UTC | 226 | OUT | |
| 2025-03-26 07:03:38 UTC | 500 | IN | |
| 2025-03-26 07:03:38 UTC | 15884 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN | |
| 2025-03-26 07:03:38 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49702 | 13.107.246.40 | 443 | 6712 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:03:44 UTC | 214 | OUT | |
| 2025-03-26 07:03:44 UTC | 494 | IN | |
| 2025-03-26 07:03:44 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49701 | 13.107.246.40 | 443 | 6712 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 07:03:44 UTC | 214 | OUT | |
| 2025-03-26 07:03:44 UTC | 470 | IN | |
| 2025-03-26 07:03:44 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:02:28 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb90000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 10 |
| Start time: | 03:03:22 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8e0000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 12 |
| Start time: | 03:03:31 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64df60000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 03:03:45 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xb90000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Call Graph
Graph
Hide Legend
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
