Edit tour
Windows
Analysis Report
Purchase Inquiry.xla.xlsx
Overview
General Information
| Sample name: | Purchase Inquiry.xla.xlsx |
| Analysis ID: | 1633348 |
| MD5: | c672b4eeec39f46454b43c1214ef293f |
| SHA1: | 2e706822d8e8f6250ff0d0dad46ce3886f71c08e |
| SHA256: | 081c752918d77ca90b7c46d538720c4a64b04593acd3d68f0ba9a5decbc99061 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7288 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 4344 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 5000 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 3876 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase In quiry.xla. xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:27:02.716460+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:27:10.227086+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:27:10.304675+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 13.107.253.72 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD004F96D3/\x1Ole' : | ||
| Source: | Stream path 'MBD004F96D3/\x1Ole' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD004F96D2/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'Package' entropy: | ||
| Source: | Stream path 'MBD004F96D2/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | Virustotal | Browse | ||
| 21% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | high | |
| s-0005.dual-s-dc-msedge.net | 52.123.131.14 | true | false | high | |
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.153.44 | true | false | unknown | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| link.saja.market | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 198.23.187.151 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 3.39.153.44 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1633348 |
| Start date and time: | 2025-03-10 09:24:29 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 44s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 22 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Inquiry.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.expl.winXLSX@6/9@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, audiodg.exe, sppsvc.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.89.18, 23.60.203.209, 52.109.28.47, 20.189.173.16, 52.182.143.215, 52.123.131.14, 172.202.163.200, 40.126.31.73
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, onedscolprdcus22.centralus.cloudapp.azure.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, onedscolprdwus17.westus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, config.officeapps.live.com, e16604.f.akamaiedge.net, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 04:27:00 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 198.23.187.151 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| 13.107.253.72 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mimikatz | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 3.39.153.44 | Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| s-0005.dual-s-dc-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0044.t-0009.fb-t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AMAZONEXPANSIONGB | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 836 |
| Entropy (8bit): | 2.7151910322565733 |
| Encrypted: | false |
| SSDEEP: | 24:J3fIxk+vpKAk6ScvoGA8xpiOnAvJ5yoIHWK:h3+RfkpcvoGAYcvJ5LIHD |
| MD5: | 92A7E6E963E0E668F6585E8694F68380 |
| SHA1: | 9CFB8F0EA9A80C54FEBF664E2E8DA3A20C6F5DAE |
| SHA-256: | F09EE04026948847263A11CC3D3276A676246EF074A985681DBEF03D76801482 |
| SHA-512: | F3E94DC16458B4CE76A18D44360256A233CDF918A34FDB0AB3A85AF5FA3ADEB8B0BBB173CE658D8344939FE77AEB467C04D111A887424A65BA2833897DE3F4E2 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1040384 |
| Entropy (8bit): | 7.964079055908874 |
| Encrypted: | false |
| SSDEEP: | 24576:Ahjj9AYF2FzhrHJc9E4Z5/iYySeTlCXE5cUJIwg:PNRDO5/iY/ksTUzg |
| MD5: | 710D26BC900A8B72CB530E80E8D00C20 |
| SHA1: | 9C7EFCD5DA1D01B27583C0107B73E1DF70C0EAB3 |
| SHA-256: | 87615FF58BED952A4D4DF3F87425C836775873E24E079BDEF87FB7FDA4056C24 |
| SHA-512: | C0A65048439A1DF537322A0F94F412060D88B817E93F99DED1B012635AF9E88A5B6F6140FD5E65060DF98E2498B382846C66D324133318A5E34E3412260BE6AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1061376 |
| Entropy (8bit): | 7.934198088792555 |
| Encrypted: | false |
| SSDEEP: | 24576:mhjj9AYF2FzhrHJc9E4Z5/iYySeTlCXE5cUJIwg:1NRDO5/iY/ksTUzg |
| MD5: | C5CC68B3A34D802123536C55259A1F82 |
| SHA1: | 30E06023E41AED7DE5480B5A8247B0696A942206 |
| SHA-256: | CC359291C407D1ED0844111164C4556A6ED4D41B811DAD62059031904EEF2366 |
| SHA-512: | B6D7376C1FFF84AD3467F319EF3D75F217E645F3B41DA6B13543F21E2EB5F13D38AA135575282DC1E13383072DCCAE52366BFCBB9D15966BC5F468F7A09772A8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1302016 |
| Entropy (8bit): | 7.988511215330575 |
| Encrypted: | false |
| SSDEEP: | 24576:4hjj9AYF2FzhrHJc9E4Z5/iYySeTlCXE5cUJIwgZrUg2VvCN+:3NRDO5/iY/ksTUzgZQFVC |
| MD5: | 1A1B51D06E31D519B93B741AE0959A96 |
| SHA1: | AFC1C054FC3252791047BEDED84D7B0149DB2ADC |
| SHA-256: | C9DFF46AD75F831C0653AE30F88B46BA58624D9D635679CFF337979713E1D083 |
| SHA-512: | A5E8F9719441419A285AE5F33E6167CF38397207A0AE0527AFA204C8416CE7A6777F8ECD37A21A182AA05293CAA493E039DEE8F5F08C2C44ED1C00359072FBB0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1302016 |
| Entropy (8bit): | 7.988511215330575 |
| Encrypted: | false |
| SSDEEP: | 24576:4hjj9AYF2FzhrHJc9E4Z5/iYySeTlCXE5cUJIwgZrUg2VvCN+:3NRDO5/iY/ksTUzgZQFVC |
| MD5: | 1A1B51D06E31D519B93B741AE0959A96 |
| SHA1: | AFC1C054FC3252791047BEDED84D7B0149DB2ADC |
| SHA-256: | C9DFF46AD75F831C0653AE30F88B46BA58624D9D635679CFF337979713E1D083 |
| SHA-512: | A5E8F9719441419A285AE5F33E6167CF38397207A0AE0527AFA204C8416CE7A6777F8ECD37A21A182AA05293CAA493E039DEE8F5F08C2C44ED1C00359072FBB0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:KVC+cAmltV:KVC+cR |
| MD5: | 9C7132B2A8CABF27097749F4D8447635 |
| SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
| SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
| SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.9788139371410525 |
| TrID: |
|
| File name: | Purchase Inquiry.xla.xlsx |
| File size: | 1'199'616 bytes |
| MD5: | c672b4eeec39f46454b43c1214ef293f |
| SHA1: | 2e706822d8e8f6250ff0d0dad46ce3886f71c08e |
| SHA256: | 081c752918d77ca90b7c46d538720c4a64b04593acd3d68f0ba9a5decbc99061 |
| SHA512: | 80f9c1e0894327bca8f8d45de997a566027abe1a912c9b631426db0289b34708c4b450034dbfff914cc75c0ece9058dd40fb970b1436a191981bc8a6299a40d2 |
| SSDEEP: | 24576:wJIwgJIb3nOXYXKFlQB0Nu/KU+0hPCwTKrsJ39TdjndVOo:wzgG7O7Fl2OP66BrsJ39Tdbi |
| TLSH: | 9E4523D0BD847B06CF17023A5F9ED46E580BBE6F1688950B7634779A1232D7D81F223A |
| File Content Preview: | ........................>...............................................................................................................{.......}.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-10 05:34:50 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 0e 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w , j . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 2c 6a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w = . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 e6 3d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 a4 77 da 90 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.226575879994164 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . c $ ~ . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD004F96D2/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004F96D2/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 904446 |
| Entropy: | 7.992262426764061 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004F96D3/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 756 |
| Entropy: | 5.21668721763852 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . Q . x . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . s . a . j . a . . . m . a . r . k . e . t . / . q . h . F . d . y . e . U . k . n . z . ? . & . l . o . v . e . = . w . a . g . g . i . s . h . & . n . e . p . h . e . w . . . l . D ] j . D & } . Q n . : L R v . . C J 2 [ . . . J . . P . m . . w t L P ; p ~ . w F + 7 . . ! 1 { g _ @ . . . _ C j . , { & O | \\ f . % 2 d B } . . . . . . . . . . . . . . . . . . . . . I . V . B . r . h . y . |
| Data Raw: | 01 00 00 02 f7 ec da 0d 51 1b bf 78 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b fe 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 73 00 61 00 6a 00 61 00 2e 00 6d 00 61 00 72 00 6b 00 65 00 74 00 2f 00 71 00 68 00 46 00 64 00 79 00 65 00 55 00 6b 00 6e 00 7a 00 3f 00 26 00 6c 00 6f 00 76 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 270887 |
| Entropy: | 7.998386624139689 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . m z . F @ . ; _ . h . . 0 . . 8 d % . . . + e { / m | . . . . . . . . . . . . . . \\ . p . . 3 7 t . . U w g < } I . . i 6 R J h 5 F , - L 9 . o ? * + @ Y C . K A W H x a V X . . 6 B = / g . . B 1 b N . . . m z B . . . # a . . . . . . . = . . . ~ = _ . . . . . 1 . ^ % r . . . . . . . . w S . . . . 7 . . . . . . . { . . . . o = . . . S ) . N < - * . . @ . . . K . . . . E " . . . . . . . . . . . . . . W 1 . . . I _ s ' f . " H V . . 1 . . . . z u r y . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 6d b5 c6 7a 16 46 b3 a9 40 93 1e d1 3b 5f 02 9a 68 1c 06 85 30 0b 00 b4 38 64 f8 25 b7 8f e4 bf e8 f2 09 c0 f8 cf 16 0b 2b bc 65 ff 7b 2f 6d 7c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 d4 98 e2 00 00 00 5c 00 70 00 9d f2 13 95 82 33 37 d9 74 bc 04 85 ca d3 9d 8b bc 92 fc de cb c0 84 55 77 f9 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 531 |
| Entropy: | 5.20073532122586 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { A 1 C 2 C C 0 0 - E 7 E 6 - 4 A E A - A B 7 6 - A F 3 A 0 A 6 7 5 B 0 8 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 6 3 4 2 5 C B 3 D D B C D D F C |
| Data Raw: | 49 44 3d 22 7b 41 31 43 32 43 43 30 30 2d 45 37 45 36 2d 34 41 45 41 2d 41 42 37 36 2d 41 46 33 41 30 41 36 37 35 42 30 38 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.980477309748237 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.356512508349015 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . # . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 23 08 e6 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:27:02.716460+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:27:10.227086+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:27:10.304675+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 13.107.253.72 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:26:45.199500084 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:45.199552059 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:45.199645042 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:45.200027943 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:45.200046062 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:47.947541952 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:47.947704077 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:47.952183962 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:47.952214956 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:47.952545881 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:47.952646017 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:47.953007936 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:47.996334076 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:48.524729967 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:48.524883032 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:48.524912119 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:48.524967909 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:48.531327009 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:48.531399012 CET | 443 | 49728 | 3.39.153.44 | 192.168.2.4 |
| Mar 10, 2025 09:26:48.531471014 CET | 49728 | 443 | 192.168.2.4 | 3.39.153.44 |
| Mar 10, 2025 09:26:48.533490896 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:48.539343119 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:48.539494991 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:48.539660931 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:48.544954062 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042288065 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042310953 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042324066 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042412996 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.042494059 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042505980 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042519093 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042576075 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.042953014 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042967081 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042979002 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.042993069 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.043016911 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.043040991 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.049762011 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.049776077 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.049787045 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.051281929 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.132396936 CET | 80 | 49729 | 198.23.187.151 | 192.168.2.4 |
| Mar 10, 2025 09:26:49.132512093 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.281081915 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:26:49.281125069 CET | 49729 | 80 | 192.168.2.4 | 198.23.187.151 |
| Mar 10, 2025 09:27:00.531716108 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:00.531754971 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:00.531826019 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:00.532115936 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:00.532129049 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:02.716372013 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:02.716459990 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:02.718075991 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:02.718084097 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:02.718332052 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:02.719527006 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:02.764331102 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.251636028 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.251666069 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.251683950 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.251740932 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.251759052 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.251777887 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.251792908 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.321614981 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.321645021 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.321696043 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.321722984 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.321736097 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.322576046 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.360817909 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.360846043 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.361016035 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.361016035 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.361031055 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.361531019 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.407188892 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.407217026 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.407282114 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.407300949 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.407347918 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.419548035 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.419565916 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.419617891 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.419632912 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.419658899 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.419675112 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.441304922 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.441323042 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.441381931 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.441395998 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.441418886 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.441473961 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.458745003 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.458772898 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.458820105 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.458834887 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.458869934 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.458883047 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.525408030 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.525434971 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.525509119 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.525527954 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.525553942 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.525577068 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.534943104 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.534964085 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.535073042 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.535089016 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.535157919 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.545157909 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.545186996 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.545241117 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.545259953 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.545285940 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.545308113 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.553699017 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.553729057 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.553775072 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.553792000 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.553821087 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.553839922 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.562836885 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.562855005 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.562910080 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.562926054 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.563163996 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.571510077 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.571527958 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.571573973 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.571588993 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.571691990 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.578598976 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.578615904 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.578656912 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.578669071 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.578696966 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.578715086 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.587703943 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.587722063 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.587763071 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.587805033 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.587811947 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.587922096 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.619189978 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.619221926 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.619259119 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.619277000 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.619291067 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.619311094 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.623709917 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.623733044 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.623815060 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.623828888 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.624037981 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.634483099 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.634500027 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.634602070 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.634617090 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.634908915 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.644643068 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.644664049 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.644737005 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.644752979 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.644922018 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.652477026 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.652494907 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.652555943 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.652570963 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.652611971 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.661676884 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.661695004 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.661799908 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.661815882 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.661957979 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.669047117 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.669063091 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.669137001 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.669148922 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.669645071 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.678262949 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.678288937 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.678390980 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.678402901 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.678726912 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.685858011 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.685885906 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.685965061 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.685981035 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.686228037 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.717669964 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.717704058 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.717753887 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.717773914 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.717807055 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.717818022 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.730293036 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.730315924 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.730376005 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.730396032 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.730411053 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.730432987 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.740444899 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.740467072 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.740513086 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.740526915 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.740549088 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.740566969 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.748848915 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.748867989 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.748905897 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.748919964 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.748943090 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.748969078 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.757668018 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.757688046 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.757742882 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.757759094 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.757829905 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.764898062 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.764924049 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.764969110 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.764986992 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.765007019 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.765024900 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.771528959 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.771545887 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.771600008 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.771614075 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.771652937 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.780023098 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.780040026 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.780101061 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.780114889 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.780162096 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.816695929 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.816724062 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.816771984 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.816790104 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.816824913 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.816840887 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.827245951 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.827265978 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.827325106 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.827339888 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.827496052 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.835508108 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.835526943 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.835611105 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.835624933 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.835670948 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.845103979 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.845122099 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.845172882 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.845186949 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.845215082 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.845230103 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.853720903 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.853738070 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.853837013 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.853851080 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.854016066 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.860785961 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.860811949 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.860867977 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.860884905 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.860909939 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.860924959 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.869985104 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.870003939 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.870048046 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.870064020 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.870086908 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.870100975 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.903101921 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.903124094 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.903187037 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.903202057 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.903258085 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.910729885 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.910747051 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.910809040 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.910821915 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.910888910 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.933727026 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.933747053 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.933805943 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.933823109 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.933871031 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.935148001 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.935164928 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.935254097 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.935261011 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.935350895 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.938994884 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.939011097 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.939060926 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.939071894 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.939146996 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.947675943 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.947694063 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.947793961 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.947804928 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.948014021 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.954891920 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.954915047 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.954972029 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.954987049 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.955013990 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.955029964 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.963860989 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.963888884 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.963942051 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.963954926 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.963980913 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.964004040 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.997397900 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.997426033 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.997483969 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:03.997502089 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:03.997644901 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.004899979 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.004920006 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.004981995 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.004993916 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.005109072 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.016742945 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.016765118 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.016834021 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.016848087 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.017025948 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.023916006 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.023936033 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.023984909 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.023996115 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.024025917 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.024040937 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.032901049 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.032918930 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.032983065 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.032995939 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.033040047 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.041671038 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.041698933 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.041774035 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.041790009 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.041862011 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.049002886 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.049021006 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.049078941 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.049092054 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.049115896 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.049137115 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.057933092 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.057950020 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.058003902 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.058017015 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.058041096 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.058058023 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.091275930 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.091304064 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.091362000 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.091377974 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.091409922 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.091429949 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.098867893 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.098886013 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.098936081 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.098947048 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.098978043 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.098995924 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.109472036 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.109488964 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.109546900 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.109559059 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.109610081 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.118031979 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.118048906 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.118104935 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.118115902 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.118237972 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.130259991 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.130279064 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.130337000 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.130350113 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.130471945 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.135907888 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.135925055 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.136004925 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.136014938 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.136296988 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.143373013 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.143388987 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.143450975 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.143461943 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.143497944 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.153465033 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.153486013 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.153558016 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.153572083 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.153727055 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.185592890 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.185616016 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.185678959 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.185695887 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.185714006 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.185725927 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.193273067 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.193289995 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.193361044 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.193376064 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.193416119 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.204842091 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.204862118 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.204916954 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.204932928 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.204943895 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.204973936 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.211766958 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.211785078 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.211848974 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.211860895 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.211884975 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.211904049 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.221787930 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.221810102 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.221841097 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.221867085 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.221880913 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.221909046 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.221920967 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.221961975 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.222119093 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.222140074 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:04.222151041 CET | 49730 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:04.222156048 CET | 443 | 49730 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:08.150105953 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.150162935 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:08.150438070 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.150733948 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.150753021 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:08.151688099 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.151731014 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:08.151887894 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.152139902 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:08.152154922 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.226449013 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.227086067 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.227117062 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.228214979 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.228234053 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.304083109 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.304675102 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.304699898 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.305684090 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.305690050 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.727385998 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.727412939 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.727510929 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.727531910 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.727885008 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.727885008 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.727902889 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.728106976 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.728142023 CET | 443 | 49731 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.728200912 CET | 49731 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.814126968 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.814212084 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.814306021 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.814420938 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.814439058 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Mar 10, 2025 09:27:10.814461946 CET | 49732 | 443 | 192.168.2.4 | 13.107.253.72 |
| Mar 10, 2025 09:27:10.814467907 CET | 443 | 49732 | 13.107.253.72 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:26:45.124666929 CET | 63403 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 10, 2025 09:26:45.185975075 CET | 53 | 63403 | 1.1.1.1 | 192.168.2.4 |
| Mar 10, 2025 09:27:00.523468018 CET | 64468 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 10, 2025 09:27:00.530965090 CET | 53 | 64468 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:26:45.124666929 CET | 192.168.2.4 | 1.1.1.1 | 0xa262 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 10, 2025 09:27:00.523468018 CET | 192.168.2.4 | 1.1.1.1 | 0x169c | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:25:52.252778053 CET | 1.1.1.1 | 192.168.2.4 | 0xf888 | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:25:52.252778053 CET | 1.1.1.1 | 192.168.2.4 | 0xf888 | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:25:52.252778053 CET | 1.1.1.1 | 192.168.2.4 | 0xf888 | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:25:52.252778053 CET | 1.1.1.1 | 192.168.2.4 | 0xf888 | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:26:45.185975075 CET | 1.1.1.1 | 192.168.2.4 | 0xa262 | No error (0) | istio.saja.market | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:26:45.185975075 CET | 1.1.1.1 | 192.168.2.4 | 0xa262 | No error (0) | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:26:45.185975075 CET | 1.1.1.1 | 192.168.2.4 | 0xa262 | No error (0) | 3.39.153.44 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:26:45.185975075 CET | 1.1.1.1 | 192.168.2.4 | 0xa262 | No error (0) | 3.39.89.152 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:27:00.530965090 CET | 1.1.1.1 | 192.168.2.4 | 0x169c | No error (0) | 13.107.253.72 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49729 | 198.23.187.151 | 80 | 7288 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 10, 2025 09:26:48.539660931 CET | 248 | OUT | |
| Mar 10, 2025 09:26:49.042288065 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042310953 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042324066 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042494059 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042505980 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042519093 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042953014 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042967081 CET | 1000 | IN | |
| Mar 10, 2025 09:26:49.042979002 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.042993069 CET | 1236 | IN | |
| Mar 10, 2025 09:26:49.049762011 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49728 | 3.39.153.44 | 443 | 7288 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:26:47 UTC | 225 | OUT | |
| 2025-03-10 08:26:48 UTC | 515 | IN | |
| 2025-03-10 08:26:48 UTC | 100 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49730 | 13.107.253.72 | 443 | 7288 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:27:02 UTC | 226 | OUT | |
| 2025-03-10 08:27:03 UTC | 500 | IN | |
| 2025-03-10 08:27:03 UTC | 15884 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN | |
| 2025-03-10 08:27:03 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49731 | 13.107.253.72 | 443 | 7288 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:27:10 UTC | 214 | OUT | |
| 2025-03-10 08:27:10 UTC | 522 | IN | |
| 2025-03-10 08:27:10 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49732 | 13.107.253.72 | 443 | 7288 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:27:10 UTC | 214 | OUT | |
| 2025-03-10 08:27:10 UTC | 498 | IN | |
| 2025-03-10 08:27:10 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 04:25:43 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa60000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 04:26:48 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x7ff6ac620000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 16 |
| Start time: | 04:27:00 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff780a20000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 19 |
| Start time: | 04:27:24 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa60000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly