Edit tour
Windows
Analysis Report
POETDB24-25771.xla.xlsx
Overview
General Information
| Sample name: | POETDB24-25771.xla.xlsx |
| Analysis ID: | 1633349 |
| MD5: | 70ff76bdbb7897e2c3731021351facd3 |
| SHA1: | 107545e7202e995328364052a96083e743881acc |
| SHA256: | faf027205ff3109e74b13910c005ddb30148d1c9bb71f4d8739949d04a6be27d |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6152 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 7328 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 7440 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 7692 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P OETDB24-25 771.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:13:39.957907+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49701 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.103786+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49703 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.152761+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49702 | 13.107.253.72 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | ReversingLabs: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD004FA1DE/\x1Ole' : | ||
| Source: | Stream path 'MBD004FA1DE/\x1Ole' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD004FA1DD/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'Package' entropy: | ||
| Source: | Stream path 'MBD004FA1DD/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 21% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | high | |
| s-0005.dual-s-dc-msedge.net | 52.123.131.14 | true | false | high | |
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.153.44 | true | false | unknown | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| link.saja.market | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 198.23.187.151 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 3.39.153.44 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1633349 |
| Start date and time: | 2025-03-10 09:11:22 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 31s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 20 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | POETDB24-25771.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.expl.winXLSX@6/9@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.89.18, 23.60.203.209, 52.109.89.19, 199.232.210.172, 13.89.178.27, 52.109.28.46, 52.182.143.215, 52.123.131.14, 52.149.20.212, 40.126.31.1
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, onedscolprdcus22.centralus.cloudapp.azure.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdcus03.centralus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, e16604.f.akamaiedge.net, ecs.office.trafficmanager.net, e
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 04:13:32 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 13.107.253.72 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Mimikatz | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | Remcos, GuLoader | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CobaltStrike, Metasploit | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | AsyncRAT, DarkTortilla, XWorm | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-0005.dual-s-dc-msedge.net | Get hash | malicious | unknown | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Hidden Macro 4.0 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0044.t-0009.fb-t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Microsoft Phishing | Browse |
| ||
| Get hash | malicious | Mimikatz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AMAZONEXPANSIONGB | Get hash | malicious | FormBook | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Amadey, GCleaner, LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1062912 |
| Entropy (8bit): | 7.934977078629466 |
| Encrypted: | false |
| SSDEEP: | 24576:TfcKRlMeF5vSrSP42f7ScfeTlCXE5cUJIwg:Lt7rf+cfksTUzg |
| MD5: | 83B545BE740DEF35E8CFD1159E915B9D |
| SHA1: | 906C69CADF9628CE9EE84930A14AE6C7AEA4D6D9 |
| SHA-256: | 1634EDF28461DC3152CF0C494AC4C1D9EC3D440D795C38E3ADD854FD2CD35135 |
| SHA-512: | 3EDD2C884BF44A8A4E85FF2EFF336148C804277A3CB62DF6E9A47B2666F298628458E95FA209BD01ADC6303BB09151ECFEA65B97D8B282DE10E65E40ACDF2557 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1044480 |
| Entropy (8bit): | 7.958663386304986 |
| Encrypted: | false |
| SSDEEP: | 24576:PfcKRlMeF5vSrSP42f7ScfeTlCXE5cUJIwg:Ht7rf+cfksTUzg |
| MD5: | E585534DC5894BF36B8F636108C861CA |
| SHA1: | 33C233B8EC0C9E16F46052E24559C29CBBBE0249 |
| SHA-256: | 44E034B301E501255FE4BA214B3A5A2824813B414D751814D8609DBD04DB8073 |
| SHA-512: | 7A577D548E0FEE5FF66CF346E22A195F27040B57186DA7CAA0DCAF4F70146061012CD2D50A6200DC5F645B016F5359B2782A36421C50FF018EB00972E54A8983 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1304064 |
| Entropy (8bit): | 7.98889625528205 |
| Encrypted: | false |
| SSDEEP: | 24576:LfcKRlMeF5vSrSP42f7ScfeTlCXE5cUJIwgQiHf57UMYcCrSU:jt7rf+cfksTUzgQQPOSU |
| MD5: | 66E5944092CD52EE5A76A69C863C8067 |
| SHA1: | AF7C5293AC7C77AAD6423F2512FA284F4A238E7E |
| SHA-256: | D71AD351BECA7E766E2AFDB5DF547B73BC00D8161A8217483B2BC5A6A0A1AFA1 |
| SHA-512: | 3D4CB0E3909E7043AB1996A51A21CE3149773165211AC9FEF2D5F711735D5A64660F87702F6AF40F85535922397C9D3C8CB533D66F96757FDCB8D607C90209CC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1304064 |
| Entropy (8bit): | 7.98889625528205 |
| Encrypted: | false |
| SSDEEP: | 24576:LfcKRlMeF5vSrSP42f7ScfeTlCXE5cUJIwgQiHf57UMYcCrSU:jt7rf+cfksTUzgQQPOSU |
| MD5: | 66E5944092CD52EE5A76A69C863C8067 |
| SHA1: | AF7C5293AC7C77AAD6423F2512FA284F4A238E7E |
| SHA-256: | D71AD351BECA7E766E2AFDB5DF547B73BC00D8161A8217483B2BC5A6A0A1AFA1 |
| SHA-512: | 3D4CB0E3909E7043AB1996A51A21CE3149773165211AC9FEF2D5F711735D5A64660F87702F6AF40F85535922397C9D3C8CB533D66F96757FDCB8D607C90209CC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.5231029153786204 |
| Encrypted: | false |
| SSDEEP: | 3:WH25nJFV:WH2/ |
| MD5: | FB5ABAA34A0BB284B640327B9745AAAC |
| SHA1: | 7E1063A0F1DE0E83424399F104C1D3752BFAECDE |
| SHA-256: | 12464C713EE2E0CBBDCF98FACF8AC034D34A9F4D221D7BB7A5C7D458AAEC0AF9 |
| SHA-512: | 0FB235A4475D72D9BB6A195F6DFE471152B91F6DE0967D4174298D0A3C228BFF0ED57F0A5F388833A7793BD90F6CA0D5A974D21D795938D8D96C079AB5D99294 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.979014653469718 |
| TrID: |
|
| File name: | POETDB24-25771.xla.xlsx |
| File size: | 1'193'984 bytes |
| MD5: | 70ff76bdbb7897e2c3731021351facd3 |
| SHA1: | 107545e7202e995328364052a96083e743881acc |
| SHA256: | faf027205ff3109e74b13910c005ddb30148d1c9bb71f4d8739949d04a6be27d |
| SHA512: | 1251a225e7d65fbd62efdb086d636c533f5b2cbd767d6bd54911b45d2b6c44d4e78e96ac4caa0d54f6273a56217c5c529ce001021c2afeafd20149ece282fa0c |
| SSDEEP: | 24576:nJIwgRIb3nOXYXKFlQB0Nu/qhChhPCwTobQQN:nzgO7O7Fl2OrhCH6D |
| TLSH: | 604523E4FD98BB06DF0702365B4ED46E481BBF1E2291800B763037AE1A37E6D44F6526 |
| File Content Preview: | ........................>...............................................................................................................{.......}.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-10 05:35:35 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E B . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c5 45 42 15 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E : . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c5 45 cf 3a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c5 45 92 e8 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E g . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c5 45 e4 67 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2920681057018664 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . m 6 ? ~ . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD004FA1DD/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004FA1DD/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 904507 |
| Entropy: | 7.992292502985364 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD004FA1DE/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 564 |
| Entropy: | 4.982836443340031 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . t . s [ v . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . s . a . j . a . . . m . a . r . k . e . t . / . Z . 8 . v . B . Z . k . X . t . l . w . ? . & . t . h . i . n . g . = . o . m . n . i . s . c . i . e . n . t . & . s . w . e . a . t . s . h . i . r . t . . . . & . y . ( h a U 4 . . . N z e 1 ' . ^ . a . N g G . d K . ( . ] 1 x = @ X 7 . < < P P ; . . . . . . . . . . . . . . . . . . . G . s . M . v . u . T . 4 . x . J . i . q . F . 8 . 8 . |
| Data Raw: | 01 00 00 02 e1 d8 74 1b 73 a2 5b 76 00 00 00 00 00 00 00 00 00 00 00 00 de 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b da 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 73 00 61 00 6a 00 61 00 2e 00 6d 00 61 00 72 00 6b 00 65 00 74 00 2f 00 5a 00 38 00 76 00 42 00 5a 00 6b 00 58 00 74 00 6c 00 77 00 3f 00 26 00 74 00 68 00 69 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 265433 |
| Entropy: | 7.998342541005724 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . c . . > D = . . 8 { ( M s 1 N 4 . . b . . c | g . w . . . . . . . . . . . . . . . \\ . p . ! l . . w D 6 B p & * 8 . f n . . 0 r . . e V . . + V { < } j + t r z . . . < Z > . . . . x z . ) Y G = t , V b . . Y B . . . a . . . . . . = . . . A . . . q P . ; . : . . . . . . . . . . . j 3 . . . . . . . . a _ . . . ( = . . . . . d | @ X ( U ? @ . . . . . . , " . . . . . . . . G X . . . Z Y . . . O ' 1 . . . C s . A . . . . Y p D _ . N Z . 5 ] 1 . . . u . $ |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 63 7f 03 a2 3e f4 44 f1 e9 3d 1e 04 b4 38 90 7b e6 28 4d 73 e6 31 bc e7 cb 4e 34 f0 0e d6 95 cd 62 aa d4 89 da 8e 9f e7 b5 63 7c 67 14 77 09 a4 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 df 81 e2 00 00 00 5c 00 70 00 21 6c ea dd 83 80 b4 d1 10 77 44 e2 e4 36 ea 42 70 26 b7 db 2a 38 11 66 6e fc |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 531 |
| Entropy: | 5.266512041297275 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 8 7 7 0 C F C A - 7 C F 8 - 4 5 6 9 - 8 A 4 0 - 5 C 2 E 6 C 1 1 2 2 7 5 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " B 7 B 5 6 1 3 7 A 1 4 F 5 9 5 3 5 |
| Data Raw: | 49 44 3d 22 7b 38 37 37 30 43 46 43 41 2d 37 43 46 38 2d 34 35 36 39 2d 38 41 34 30 2d 35 43 32 45 36 43 31 31 32 32 37 35 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9856458236428147 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.361069873011047 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . # . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 23 08 e6 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-10T09:13:39.957907+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49701 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.103786+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49703 | 13.107.253.72 | 443 | TCP |
| 2025-03-10T09:13:48.152761+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49702 | 13.107.253.72 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:13:21.709000111 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.709079027 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:21.709182024 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.709399939 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:21.709415913 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.239737034 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.239873886 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.243849039 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.243865013 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.244148016 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.244327068 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.244724989 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.292320013 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.785619974 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.785695076 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.785706997 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.785834074 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.791400909 CET | 49699 | 443 | 192.168.2.8 | 3.39.153.44 |
| Mar 10, 2025 09:13:24.791415930 CET | 443 | 49699 | 3.39.153.44 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.793653011 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.798860073 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:24.798994064 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.799276114 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:24.804359913 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288918972 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288930893 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288940907 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288950920 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288960934 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288969994 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288980961 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.288989067 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.289002895 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.289026976 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.289046049 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.289087057 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.289087057 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.289087057 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.295218945 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.295231104 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.295243025 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.295252085 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.295283079 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.295340061 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.378551006 CET | 80 | 49700 | 198.23.187.151 | 192.168.2.8 |
| Mar 10, 2025 09:13:25.378650904 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.531502962 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:25.531539917 CET | 49700 | 80 | 192.168.2.8 | 198.23.187.151 |
| Mar 10, 2025 09:13:38.040005922 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:38.040052891 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:38.040147066 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:38.040473938 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:38.040487051 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:39.957824945 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:39.957906961 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:39.959752083 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:39.959777117 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:39.960207939 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:39.961659908 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.004334927 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.826554060 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.826581001 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.826597929 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.826669931 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.826694965 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.826719999 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.826745987 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.899446011 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.899473906 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.899557114 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.899588108 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.899679899 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.938909054 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.938936949 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.938980103 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.939007998 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.939044952 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.939136028 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.975353003 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.975379944 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.975490093 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.975523949 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.975657940 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.995688915 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.995713949 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.995757103 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.995788097 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:40.995803118 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:40.995898962 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.017021894 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.017040968 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.017106056 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.017138004 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.017606974 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.038100004 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.038120031 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.038232088 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.038270950 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.038367987 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.064271927 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.064296007 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.064373970 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.064393044 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.064634085 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.077786922 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.077805996 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.077881098 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.077919006 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.077936888 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.078000069 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.088455915 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.088469028 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.088536978 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.088567972 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.088582039 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.088936090 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.101829052 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.101844072 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.101900101 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.101929903 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.101984978 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.102416992 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.111325026 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.111351013 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.111433983 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.111433983 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.111445904 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.112588882 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.121252060 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.121272087 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.121398926 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.121419907 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.121491909 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.129548073 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.129566908 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.129626036 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.129636049 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.129803896 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.156434059 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.156460047 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.156507015 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.156526089 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.156575918 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.156575918 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.157919884 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.157938004 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.158016920 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.158024073 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.158054113 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.158293009 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.168167114 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.168196917 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.168256044 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.168282986 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.168329000 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.168852091 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.177937031 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.177963972 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.178023100 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.178047895 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.178514957 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.189857960 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.189886093 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.189932108 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.189956903 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.189994097 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.189994097 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.199343920 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.199362040 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.199423075 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.199449062 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.199609041 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.208952904 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.208981037 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.209041119 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.209067106 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.209108114 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.209108114 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.219733953 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.219758034 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.219791889 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.219917059 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.219929934 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.220328093 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.227233887 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.227267981 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.227355003 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.227355003 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.227370024 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.231086016 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.247237921 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.247258902 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.247407913 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.247407913 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.247422934 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.248979092 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.257520914 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.257539988 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.257875919 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.257885933 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.258097887 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.264887094 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.264905930 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.264980078 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.264988899 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.265134096 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.276730061 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.276750088 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.276849031 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.276855946 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.277008057 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.286016941 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.286034107 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.286274910 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.286286116 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.286731958 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.297600985 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.297620058 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.297703981 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.297715902 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.297887087 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.306114912 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.306137085 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.306184053 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.306195021 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.306241035 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.306241035 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.313982010 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.314002991 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.314073086 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.314084053 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.314224958 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.336677074 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.336702108 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.336754084 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.336769104 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.336815119 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.336815119 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.344765902 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.344799042 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.344862938 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.344872952 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.344908953 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.344908953 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.355005980 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.355025053 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.355154991 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.355168104 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.355216980 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.366286993 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.366302967 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.366368055 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.366379023 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.366394997 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.366434097 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.375665903 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.375685930 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.375790119 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.375790119 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.375802040 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.376163960 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.386307955 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.386326075 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.386425972 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.386425972 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.386436939 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.386542082 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.396126032 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.396142006 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.396215916 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.396224976 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.396301985 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.403804064 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.403820992 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.403906107 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.403914928 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.403995991 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.423934937 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.424062014 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.424074888 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.424087048 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.424149990 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.424149990 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.434670925 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.434693098 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.434784889 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.434796095 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.434849977 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.444745064 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.444770098 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.444860935 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.444890022 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.445321083 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.456353903 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.456377983 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.456464052 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.456473112 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.456737041 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.465600014 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.465616941 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.465682983 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.465692043 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.465883970 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.476469994 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.476500034 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.476552010 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.476573944 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.476598024 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.476675987 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.486120939 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.486140966 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.486241102 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.486267090 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.486519098 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.493917942 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.493937969 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.493989944 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.494009972 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.494256973 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.513281107 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.513307095 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.513364077 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.513384104 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.513535976 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.524965048 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.524987936 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.525053024 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.525074959 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.525218010 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.534673929 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.534691095 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.534746885 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.534775972 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.534816980 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.546535015 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.546572924 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.546606064 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.546639919 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.546674967 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.546674967 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.555917025 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.555938005 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.556027889 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.556061029 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.556202888 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.566371918 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.566391945 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.566456079 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.566479921 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.566782951 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.576153040 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.576168060 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.576273918 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.576303959 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.576448917 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.583949089 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.583966017 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.584065914 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.584090948 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.584283113 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.603549957 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.603568077 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.603621006 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.603643894 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.603679895 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.603729010 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.615183115 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.615200043 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.615297079 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.615329981 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.615343094 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.618098021 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.624785900 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.624804020 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.624917984 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.624952078 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.625154018 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.636481047 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.636498928 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.636610031 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.636635065 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.637191057 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.645963907 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.645987988 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.646085024 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.646085024 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.646110058 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.646233082 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.656506062 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.656522989 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.656596899 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.656621933 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.656860113 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.666346073 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.666363001 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.666474104 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.666491985 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.666687012 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.674109936 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.674128056 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.674200058 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.674221992 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.674412966 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.693754911 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.693778992 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.693833113 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.693851948 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.694086075 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.694201946 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.705306053 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.705336094 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.705406904 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.705440044 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.705456972 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.705863953 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.714792013 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.714818001 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.714893103 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.714922905 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.714936972 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.715040922 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.726694107 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.726722956 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.726785898 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.726813078 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.726830959 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.726869106 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736131907 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736152887 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736196995 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736222029 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736243010 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736273050 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736279011 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736316919 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736500025 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736500025 CET | 49701 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:41.736519098 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:41.736530066 CET | 443 | 49701 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:46.121129990 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121184111 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:46.121313095 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121330023 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121352911 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:46.121424913 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121782064 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121798038 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:46.121818066 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:46.121834993 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.102690935 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.103785992 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.103805065 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.105158091 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.105170012 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.152264118 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.152760983 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.152786970 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.153784037 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.153789997 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.717185974 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.720948935 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.721358061 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.721358061 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.721503019 CET | 49703 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.721515894 CET | 443 | 49703 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.790540934 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.790564060 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.790621996 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.790651083 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.790680885 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.790957928 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.790976048 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Mar 10, 2025 09:13:48.791002035 CET | 49702 | 443 | 192.168.2.8 | 13.107.253.72 |
| Mar 10, 2025 09:13:48.791007996 CET | 443 | 49702 | 13.107.253.72 | 192.168.2.8 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 10, 2025 09:13:21.685928106 CET | 56017 | 53 | 192.168.2.8 | 1.1.1.1 |
| Mar 10, 2025 09:13:21.708162069 CET | 53 | 56017 | 1.1.1.1 | 192.168.2.8 |
| Mar 10, 2025 09:13:38.030720949 CET | 63905 | 53 | 192.168.2.8 | 1.1.1.1 |
| Mar 10, 2025 09:13:38.039176941 CET | 53 | 63905 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:13:21.685928106 CET | 192.168.2.8 | 1.1.1.1 | 0xeb23 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 10, 2025 09:13:38.030720949 CET | 192.168.2.8 | 1.1.1.1 | 0xd828 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 10, 2025 09:12:35.397022009 CET | 1.1.1.1 | 192.168.2.8 | 0x1627 | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.397022009 CET | 1.1.1.1 | 192.168.2.8 | 0x1627 | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.397022009 CET | 1.1.1.1 | 192.168.2.8 | 0x1627 | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:35.397022009 CET | 1.1.1.1 | 192.168.2.8 | 0x1627 | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:37.763190985 CET | 1.1.1.1 | 192.168.2.8 | 0x7ee2 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:12:37.763190985 CET | 1.1.1.1 | 192.168.2.8 | 0x7ee2 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.708162069 CET | 1.1.1.1 | 192.168.2.8 | 0xeb23 | No error (0) | istio.saja.market | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.708162069 CET | 1.1.1.1 | 192.168.2.8 | 0xeb23 | No error (0) | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.708162069 CET | 1.1.1.1 | 192.168.2.8 | 0xeb23 | No error (0) | 3.39.153.44 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:21.708162069 CET | 1.1.1.1 | 192.168.2.8 | 0xeb23 | No error (0) | 3.39.89.152 | A (IP address) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 10, 2025 09:13:38.039176941 CET | 1.1.1.1 | 192.168.2.8 | 0xd828 | No error (0) | 13.107.253.72 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49700 | 198.23.187.151 | 80 | 6152 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 10, 2025 09:13:24.799276114 CET | 246 | OUT | |
| Mar 10, 2025 09:13:25.288918972 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.288930893 CET | 224 | IN | |
| Mar 10, 2025 09:13:25.288940907 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.288950920 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.288960934 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.288969994 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.288980961 CET | 896 | IN | |
| Mar 10, 2025 09:13:25.289002895 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.289026976 CET | 1236 | IN | |
| Mar 10, 2025 09:13:25.289046049 CET | 448 | IN | |
| Mar 10, 2025 09:13:25.295218945 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49699 | 3.39.153.44 | 443 | 6152 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:24 UTC | 233 | OUT | |
| 2025-03-10 08:13:24 UTC | 512 | IN | |
| 2025-03-10 08:13:24 UTC | 98 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49701 | 13.107.253.72 | 443 | 6152 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:39 UTC | 226 | OUT | |
| 2025-03-10 08:13:40 UTC | 493 | IN | |
| 2025-03-10 08:13:40 UTC | 15891 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:40 UTC | 16384 | IN | |
| 2025-03-10 08:13:41 UTC | 16384 | IN | |
| 2025-03-10 08:13:41 UTC | 16384 | IN | |
| 2025-03-10 08:13:41 UTC | 16384 | IN | |
| 2025-03-10 08:13:41 UTC | 16384 | IN | |
| 2025-03-10 08:13:41 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49703 | 13.107.253.72 | 443 | 6152 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:48 UTC | 214 | OUT | |
| 2025-03-10 08:13:48 UTC | 471 | IN | |
| 2025-03-10 08:13:48 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.8 | 49702 | 13.107.253.72 | 443 | 6152 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-10 08:13:48 UTC | 214 | OUT | |
| 2025-03-10 08:13:48 UTC | 495 | IN | |
| 2025-03-10 08:13:48 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 04:12:25 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3e0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 04:13:23 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xd40000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 13 |
| Start time: | 04:13:32 |
| Start date: | 10/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7da140000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 16 |
| Start time: | 04:13:47 |
| Start date: | 10/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3e0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet3" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |