Edit tour
Windows
Analysis Report
ORDER 517-2025.xla.xlsx
Overview
General Information
| Sample name: | ORDER 517-2025.xla.xlsx |
| Analysis ID: | 1649092 |
| MD5: | 307073b336245bffd54f68919948a0aa |
| SHA1: | eb2877643dfacc68c121e9588ff2774e6e7a80f0 |
| SHA256: | 13107d3ff9000f73a501043bb4cdca50408dacb5c0cfcd3c1a0b3e9cdd455c43 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6192 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 6724 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 5736 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\O RDER 517-2 025.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T14:08:56.593919+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.12 | 49759 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T14:09:04.312411+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.12 | 49760 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T14:09:04.327093+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.12 | 49761 | 13.107.246.40 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD00EB272B/\x1Ole' : | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00EB272A/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 22% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0010.t-0009.t-msedge.net | 13.107.246.38 | true | false | high | |
| s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
| agr.my | 147.79.86.93 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false |
| unknown | |
| false | high | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 147.79.86.93 | agr.my | United States | 208485 | EKSENBILISIMTR | false | |
| 13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1649092 |
| Start date and time: | 2025-03-26 14:05:52 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 11 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ORDER 517-2025.xla.xlsx |
| Detection: | MAL |
| Classification: | mal48.winXLSX@4/4@3/2 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, conhost.exe, svchost.ex e - Excluded IPs from analysis (wh
itelisted): 52.109.32.97, 52.1 09.8.36, 184.31.69.3, 20.42.65 .90, 20.42.73.26, 52.149.20.21 2, 52.123.128.14, 40.126.24.82 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, onedscolprdeus14 .eastus.cloudapp.azure.com, fs -wildcard.microsoft.com.edgeke y.net, fs-wildcard.microsoft.c om.edgekey.net.globalredir.aka dns.net, e16604.dscf.akamaiedg e.net, mobile.events.data.micr osoft.com, roaming.officeapps. live.com, osiprod-cus-buff-azs c-000.centralus.cloudapp.azure .com, dual-s-0005-office.confi g.skype.com, login.live.com, o nedscolprdeus09.eastus.cloudap p.azure.com, officeclient.micr osoft.com, ukw-azsc-config.off iceapps.live.com, prod.fs.micr osoft.com.akadns.net, c.pki.go og, ecs.office.com, self-event s-data.trafficmanager.net, fs. microsoft.com, prod.configsvc1 .live.com.akadns.net, self.eve nts.data.microsoft.com, ctldl. windowsupdate.com, prod.roamin g1.live.com.akadns.net, cus-az sc-000.roaming.officeapps.live .com, fe3cr.delivery.mp.micros oft.com, us1.roaming1.live.com .akadns.net, config.officeapps .live.com, ecs.office.trafficm anager.net, europe.configsvc1. live.com.akadns.net, mobile.ev ents.data.trafficmanager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 09:08:50 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 147.79.86.93 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gabagool | Browse |
| ||
| s-part-0010.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT, PureLog Stealer, XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| agr.my | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0012.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| EKSENBILISIMTR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Invisible JS, Tycoon2FA | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 12:YIrxA3rOpKmA4RP7EcJBSiGl6s8ACn2QYKrn2GpQPZRprw+25WHWspMSp:YIrcSpKmNRwcfHGF8A8iWxKZR++2IHWI |
| MD5: | 96F26AC9D00AF170C209932485A93F1B |
| SHA1: | E103D165A1E529CA08D98391E050175C4492BB92 |
| SHA-256: | A370505E61C2FB7827705A4875890DBB0DB3A232514AA75FE99E5A637602D230 |
| SHA-512: | FF680B0C42CC7918DB73ED715841F9AC1DAB27EF10E44101A3ED63A61A03725CF86F02D06A39BB0BA7C4F5EF5635EAB4D0B60F2A1538781D7A94112C9AF2674E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:BJbFFFjpQl2fV:/bFFFNQlS |
| MD5: | 037948E5945313159DC8146EB7973386 |
| SHA1: | 4CEF8EE5AF61A21ADB398F6C296F48242158A1AA |
| SHA-256: | E63CBDD61699DD98D41777B269B57916B6E67F51E457D71BF62E8BD56D1362E4 |
| SHA-512: | E2D94EEDAD02B0D8B478DA100F753608C6A3A49E37FB53E11815CEA7806DF045DF96D5C53E41A4AD9B772A63FDF180FFEB2F49078334AB3C267FAC26E3B21F01 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9729841023173265 |
| TrID: |
|
| File name: | ORDER 517-2025.xla.xlsx |
| File size: | 1'247'744 bytes |
| MD5: | 307073b336245bffd54f68919948a0aa |
| SHA1: | eb2877643dfacc68c121e9588ff2774e6e7a80f0 |
| SHA256: | 13107d3ff9000f73a501043bb4cdca50408dacb5c0cfcd3c1a0b3e9cdd455c43 |
| SHA512: | 351494bea7f8af1a5902a858f496efa4a1ac5b755252485e1604ed1439787d4bc2fb599d6632c5d666bc20a3cda0dde26021eb648d963b0de6241616354d3926 |
| SSDEEP: | 24576:tv2A6lUE6UzfYti5u0s38xN4XZs4z84W9Gtyct8mDubxhz6u2+wTQw:h2AIUE6KfYtGo38xuX+2WUtyct5D6dPL |
| TLSH: | C0452359B9989F17D5CDD97C1CC28BF7022C6D01B683D5AB2B50B31DBAB87A012C60BD |
| File Content Preview: | ........................>...................................B...................................................................E.......g.......i.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-26 06:26:02 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 z f . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 31 7a 66 85 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 z . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 31 7a b5 dc 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 z < . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 31 7a c6 3c 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 z . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 31 7a 0f 0f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.226575879994164 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00EB272A/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EB272A/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 812455 |
| Entropy: | 7.972532718200243 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . B . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 03 94 9d 42 d0 01 00 00 d2 07 00 00 13 00 ce 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 ca 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EB272B/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 818 |
| Entropy: | 5.621553867169569 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . Z . D . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . a . g . r . . . m . y . / . k . V . T . C . H . C . ? . & . t . h . a . n . k . s . . . l \\ % i 7 L . . 2 0 , G & K R . m s ` R a . . . H . D . . . . d % . < = . . & . } B Y B . ; ` ` I . a 2 . . / N . . y K 8 : I - * . % y H . _ 9 > ^ - } % . P ` . ' ? [ . W . p u . o . \\ . < h B o A # O . A ~ 5 . < [ C . O ` ~ . 6 a 0 < . . . . . . . . . . . . . . . . . . . C . L . 4 . 9 . F . y . T . K . p . D . U . m . q . |
| Data Raw: | 01 00 00 02 8d e8 bb 5a b3 bc 1a 44 00 00 00 00 00 00 00 00 00 00 00 00 1e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 1a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 67 00 72 00 2e 00 6d 00 79 00 2f 00 6b 00 56 00 54 00 43 00 48 00 43 00 3f 00 26 00 74 00 68 00 61 00 6e 00 6b 00 73 00 00 00 fa 6c 5c 25 f4 69 f7 92 37 ec 4c 07 b7 db 9a 32 8b f0 e3 ac |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 410625 |
| Entropy: | 7.998983668897979 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . * m j 4 u ( O X D b . . v ~ F . . J . . g 0 5 . . . . . . . . . . . . . . \\ . p . x ! p * . - . n | \\ y . . . ' . & b . x o _ i . k { A | e ] . . h . Y . . . | . G . 6 = C . . W . G . s ^ 5 . ? . < i . . B . . . { a . . . 5 . . . . = . . . 3 b . k O . . . Q , Q z . + . . . . l . . . . . . . . . h . . . . . . . c . . . c = . . . . M ~ . L J * $ V p @ . . . . . . . " . . . y , . . . . & . . . . . . . 1 . . . . 9 . > D O o ^ r 0 . . . . x z p . M 1 . . . q |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 2a 6d d5 6a e0 34 75 28 df 4f 58 44 ed 62 d5 af 1d 8f a3 76 7e 46 e8 c0 ee b0 00 eb e6 0d 9d 4a fa 1f 0e 67 30 35 87 fe 9e ef fa 05 b6 cd c7 fb 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 f4 ce e2 00 00 00 5c 00 70 00 ae c3 78 21 70 2a 16 b1 2d cc f6 c8 1b 9e 6e 8b 7c 5c a9 79 02 97 e1 06 1b f6 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 527 |
| Entropy: | 5.277318566589271 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 0 1 7 1 1 C 5 2 - E 6 E 5 - 4 9 F C - 8 3 A E - D E 4 A 9 E B D 1 D F 7 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " F 8 F A D 8 1 E D C 1 E D C 1 E D |
| Data Raw: | 49 44 3d 22 7b 30 31 37 31 31 43 35 32 2d 45 36 45 35 2d 34 39 46 43 2d 38 33 41 45 2d 44 45 34 41 39 45 42 44 31 44 46 37 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9905096282794155 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.372676054338537 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 5 , i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 35 2c fb 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-26T14:08:56.593919+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.12 | 49759 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T14:09:04.312411+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.12 | 49760 | 13.107.246.40 | 443 | TCP |
| 2025-03-26T14:09:04.327093+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.12 | 49761 | 13.107.246.40 | 443 | TCP |
- Total Packets: 233
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 14:08:41.321743011 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.321804047 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.321881056 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.322211027 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.322225094 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.775887966 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.776057005 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.780563116 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.780613899 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.780972958 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.781047106 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.781527042 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:41.824273109 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.244370937 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.244472027 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.244501114 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.244537115 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.250432014 CET | 49757 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.250452042 CET | 443 | 49757 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.254797935 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.254823923 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.254893064 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.255139112 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.255147934 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.696952105 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.697246075 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.702869892 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.702887058 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:42.703327894 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:42.703335047 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.172992945 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173085928 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.173360109 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173418045 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.173770905 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173820019 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.173827887 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173862934 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.173867941 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173897028 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.173903942 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.173934937 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.175008059 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.175020933 CET | 443 | 49758 | 147.79.86.93 | 192.168.2.12 |
| Mar 26, 2025 14:08:43.175031900 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:43.175062895 CET | 49758 | 443 | 192.168.2.12 | 147.79.86.93 |
| Mar 26, 2025 14:08:56.309520960 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.309551954 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.310190916 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.310627937 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.310641050 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.593838930 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.593919039 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.595313072 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.595328093 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.595591068 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.596940994 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.640269041 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.892405987 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.892432928 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.892494917 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.892508984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.892537117 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.892558098 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.892584085 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.921533108 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.921555996 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.921603918 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.921618938 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.921648026 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.921660900 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.991276026 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.991303921 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.991439104 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:56.991455078 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.991631985 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.008390903 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.008419037 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.008480072 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.008502960 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.008553028 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.008553028 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.035748959 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.035768032 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.036278963 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.036297083 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.036910057 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.094863892 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.094891071 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.094990015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.094990015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.095005989 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.095159054 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.123769999 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.123800993 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.123898983 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.123898983 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.123919010 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.124150038 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.150572062 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.150603056 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.150742054 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.150742054 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.150753021 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.150840998 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.191656113 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.191684008 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.191773891 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.191786051 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.192003965 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.192004919 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.221643925 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.221676111 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.223136902 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.223138094 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.223150015 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.224145889 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.245114088 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.245151997 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.245218992 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.245235920 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.245254993 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.246164083 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.287853956 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.287888050 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.287961006 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.287990093 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.288016081 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.288297892 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.314629078 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.314661980 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.314719915 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.314749002 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.314766884 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.318684101 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.342367887 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.342403889 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.342538118 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.342538118 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.342556000 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.342813015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.371337891 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.371367931 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.371695042 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.371722937 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.371803999 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.401597023 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.401623964 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.401746035 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.401746035 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.401761055 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.402348995 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.429095984 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.429131031 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.429331064 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.429332018 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.429362059 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.429461002 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.454108953 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.454144001 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.454225063 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.454245090 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.454276085 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.454339027 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.487746000 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.487780094 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.487973928 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.488007069 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.488276005 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.508110046 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.508142948 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.508212090 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.508227110 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.508349895 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.508553028 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.536398888 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.536429882 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.536644936 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.536644936 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.536662102 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.536715984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.564805031 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.564838886 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.564960003 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.564960003 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.564974070 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.565135956 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.591130018 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.591156006 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.591298103 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.591311932 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.591645956 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.614146948 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.614177942 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.614403009 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.614403963 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.614423037 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.614767075 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.636616945 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.636646032 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.636710882 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.636727095 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.636759043 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.636776924 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.664283037 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.664321899 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.664479971 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.664479971 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.664511919 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.664864063 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.689043045 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.689088106 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.689178944 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.689193964 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.689207077 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.689444065 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.710683107 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.710717916 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.711186886 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.711186886 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.711215973 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.711277008 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.735239029 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.735271931 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.735389948 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.735419989 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.735461950 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.735496998 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.757194042 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.757227898 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.758028984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.758028984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.758058071 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.758399010 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.780679941 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.780710936 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.780821085 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.780821085 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.780853033 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.780992985 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.806862116 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.806895018 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.807099104 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.807099104 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.807116032 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.807233095 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.819307089 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.819346905 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.819555044 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.819571972 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.819873095 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.851680040 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.851716995 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.852281094 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.852319956 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.852662086 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.982247114 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982278109 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982342005 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982388973 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.982397079 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982418060 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982434034 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.982443094 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982522011 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.982522011 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:57.982522964 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982537031 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982547998 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:57.982664108 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.008884907 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.008919954 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.009011984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.009011984 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.009033918 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.009078979 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.032952070 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.032989025 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.033122063 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.033122063 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.033142090 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.033354044 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.061621904 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.061647892 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.061722994 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.061741114 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.061774015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.061852932 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.100029945 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.100075006 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.100137949 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.100153923 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.100183964 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.100311995 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.129575968 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.129630089 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.129668951 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.129686117 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.129724979 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.129724979 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.166414022 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.166445971 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.166536093 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.166536093 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.166559935 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.166615009 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.180124998 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.180160046 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.180238008 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.180238008 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.180275917 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.180342913 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.220204115 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.220244884 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.220292091 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.220314026 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.220344067 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.220344067 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.256127119 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.256156921 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.256268024 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.256268024 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.256293058 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.256436110 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.279145002 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.279177904 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.279248953 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.279266119 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.279289961 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.279304981 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.306889057 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.306925058 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.306968927 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.306984901 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.307017088 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.307056904 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.330204010 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.330230951 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.330287933 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.330311060 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.330348015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.330363035 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.362492085 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.362557888 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.362674952 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.362674952 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.362689018 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.366336107 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.386842966 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.386872053 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.386946917 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.386960983 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.386997938 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.386997938 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.414134026 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.414167881 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.414324999 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.414334059 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.414558887 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.446549892 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.446619034 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.446666002 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.446677923 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.446708918 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.446732998 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.470596075 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.470628023 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.470724106 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.470724106 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.470736027 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.470828056 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.491240978 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.491276026 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.491338015 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.491347075 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.491395950 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.491395950 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.519774914 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.519807100 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.519983053 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.519996881 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.520279884 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.552052021 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.552083969 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.552200079 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.552223921 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.552323103 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.571708918 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.571733952 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.571790934 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.571800947 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.571882963 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.600930929 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.600953102 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.601003885 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.601015091 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.601073027 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.633128881 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.633168936 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.633276939 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.633296013 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.633310080 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.633548021 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.657716990 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.657752991 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.657917976 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.657917976 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.657941103 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.658042908 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.674983025 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.675014019 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.675085068 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.675103903 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.675144911 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.675144911 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.706065893 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.706094980 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.706198931 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.706218004 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.706267118 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.706267118 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.736108065 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.736131907 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.736223936 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.736223936 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.736238956 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.736725092 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.762414932 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.762444973 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.762557983 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.762574911 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.762840986 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786449909 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786478043 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786513090 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786566973 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786566973 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786578894 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786591053 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786709070 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786792994 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786813974 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:08:58.786823034 CET | 49759 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:08:58.786828041 CET | 443 | 49759 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.024874926 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.024924040 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.024981022 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.024998903 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.025039911 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.025280952 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.027806997 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.027817965 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.028040886 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.028050900 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.305918932 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.306071043 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.312411070 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.312436104 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.326355934 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.326366901 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.327092886 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.327119112 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.347237110 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.347265959 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.488301992 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.488331079 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.488486052 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.488502979 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.488630056 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.488785028 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.488796949 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.489346981 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.492270947 CET | 49760 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.492290020 CET | 443 | 49760 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.492537975 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.522165060 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.522165060 CET | 49761 | 443 | 192.168.2.12 | 13.107.246.40 |
| Mar 26, 2025 14:09:04.522208929 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Mar 26, 2025 14:09:04.522222042 CET | 443 | 49761 | 13.107.246.40 | 192.168.2.12 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 26, 2025 14:07:28.201853991 CET | 56487 | 53 | 192.168.2.12 | 1.1.1.1 |
| Mar 26, 2025 14:07:28.299495935 CET | 53 | 56487 | 1.1.1.1 | 192.168.2.12 |
| Mar 26, 2025 14:08:41.207173109 CET | 53337 | 53 | 192.168.2.12 | 1.1.1.1 |
| Mar 26, 2025 14:08:41.320658922 CET | 53 | 53337 | 1.1.1.1 | 192.168.2.12 |
| Mar 26, 2025 14:08:56.188347101 CET | 64137 | 53 | 192.168.2.12 | 1.1.1.1 |
| Mar 26, 2025 14:08:56.308496952 CET | 53 | 64137 | 1.1.1.1 | 192.168.2.12 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 14:07:28.201853991 CET | 192.168.2.12 | 1.1.1.1 | 0x7e4e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 26, 2025 14:08:41.207173109 CET | 192.168.2.12 | 1.1.1.1 | 0xce95 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 26, 2025 14:08:56.188347101 CET | 192.168.2.12 | 1.1.1.1 | 0xcea1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 26, 2025 14:07:28.299495935 CET | 1.1.1.1 | 192.168.2.12 | 0x7e4e | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:28.299495935 CET | 1.1.1.1 | 192.168.2.12 | 0x7e4e | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:28.299495935 CET | 1.1.1.1 | 192.168.2.12 | 0x7e4e | No error (0) | shed.dual-low.s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:28.299495935 CET | 1.1.1.1 | 192.168.2.12 | 0x7e4e | No error (0) | s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:28.299495935 CET | 1.1.1.1 | 192.168.2.12 | 0x7e4e | No error (0) | 13.107.246.38 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:52.019475937 CET | 1.1.1.1 | 192.168.2.12 | 0xc1e4 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:52.019475937 CET | 1.1.1.1 | 192.168.2.12 | 0xc1e4 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 14:07:52.019475937 CET | 1.1.1.1 | 192.168.2.12 | 0xc1e4 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:41.320658922 CET | 1.1.1.1 | 192.168.2.12 | 0xce95 | No error (0) | 147.79.86.93 | A (IP address) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:56.308496952 CET | 1.1.1.1 | 192.168.2.12 | 0xcea1 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:56.308496952 CET | 1.1.1.1 | 192.168.2.12 | 0xcea1 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:56.308496952 CET | 1.1.1.1 | 192.168.2.12 | 0xcea1 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:56.308496952 CET | 1.1.1.1 | 192.168.2.12 | 0xcea1 | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 26, 2025 14:08:56.308496952 CET | 1.1.1.1 | 192.168.2.12 | 0xcea1 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.12 | 49757 | 147.79.86.93 | 443 | 6192 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 13:08:41 UTC | 198 | OUT | |
| 2025-03-26 13:08:42 UTC | 397 | IN | |
| 2025-03-26 13:08:42 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.12 | 49758 | 147.79.86.93 | 443 | 6192 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 13:08:42 UTC | 187 | OUT | |
| 2025-03-26 13:08:43 UTC | 454 | IN | |
| 2025-03-26 13:08:43 UTC | 2372 | IN | |
| 2025-03-26 13:08:43 UTC | 1724 | IN | |
| 2025-03-26 13:08:43 UTC | 557 | IN | |
| 2025-03-26 13:08:43 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.12 | 49759 | 13.107.246.40 | 443 | 6192 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 13:08:56 UTC | 226 | OUT | |
| 2025-03-26 13:08:56 UTC | 472 | IN | |
| 2025-03-26 13:08:56 UTC | 15912 | IN | |
| 2025-03-26 13:08:56 UTC | 16384 | IN | |
| 2025-03-26 13:08:56 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN | |
| 2025-03-26 13:08:57 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.12 | 49760 | 13.107.246.40 | 443 | 6192 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 13:09:04 UTC | 214 | OUT | |
| 2025-03-26 13:09:04 UTC | 494 | IN | |
| 2025-03-26 13:09:04 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.12 | 49761 | 13.107.246.40 | 443 | 6192 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-26 13:09:04 UTC | 214 | OUT | |
| 2025-03-26 13:09:04 UTC | 470 | IN | |
| 2025-03-26 13:09:04 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 09:07:46 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xee0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 6 |
| Start time: | 09:08:50 |
| Start date: | 26/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76ed70000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 9 |
| Start time: | 09:09:00 |
| Start date: | 26/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xee0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Call Graph
Graph
Hide Legend
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
