Edit tour
Windows
Analysis Report
Purchase Inquiry.xla.xlsx
Overview
General Information
| Sample name: | Purchase Inquiry.xla.xlsx |
| Analysis ID: | 1636398 |
| MD5: | e3afcc72b9f65030bcee289cda558807 |
| SHA1: | 2de4b10d11a2741ffa6c3943433184caa9eef6d2 |
| SHA256: | d106446ba75a9d3612477acd3ef7c5c5b172709196d6e2962ecfabfb10e04132 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 64 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7116 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
mshta.exe (PID: 7676 cmdline: C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) 
splwow64.exe (PID: 7736 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 8032 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase In quiry.xla. xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-12T18:30:43.865876+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49705 | 13.107.246.67 | 443 | TCP |
| 2025-03-12T18:30:55.340504+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49706 | 13.107.246.67 | 443 | TCP |
| 2025-03-12T18:30:55.429382+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49707 | 13.107.246.67 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD0034E513/\x1Ole' : | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD0034E512/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 27% | Virustotal | Browse | ||
| 39% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.pzjmn |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| arnogo.net | 104.21.68.120 | true | false | unknown | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| s-part-0039.t-0009.t-msedge.net | 13.107.246.67 | true | false | high | |
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.89.152 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| link.saja.market | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 3.39.89.152 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false | |
| 104.168.7.38 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 13.107.246.67 | s-part-0039.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 104.21.68.120 | arnogo.net | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1636398 |
| Start date and time: | 2025-03-12 18:28:16 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 20s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 21 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Inquiry.xla.xlsx |
| Detection: | MAL |
| Classification: | mal64.expl.winXLSX@6/4@3/4 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 23.60.203.209, 52.109.68.129, 199.232.214.172, 104.208.16.95, 104.208.16.88, 52.168.112.66, 52.123.128.14, 2.23.227.208, 172.202.163.200, 40.126.31.2, 2.19.96.83
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdcus20.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, onedscolprdeus01.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, onedscolprdcus08.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, ecs.o
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:30:33 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3.39.89.152 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.67 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | KnowBe4 | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | KillMBR | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0039.t-0009.t-msedge.net | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | MicroClip | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Amadey, RHADAMANTHYS | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| ||
| Get hash | malicious | UACMe | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Gabagool | Browse |
| ||
| Get hash | malicious | Amadey, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Phisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| AMAZONEXPANSIONGB | Get hash | malicious | Pony | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AS-COLOCROSSINGUS | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | DarkVision Rat | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.3520167401771568 |
| Encrypted: | false |
| SSDEEP: | 3:xvXFz7f:9Xl |
| MD5: | 4B86B2D21B2AC48AD3A1A46FBF1DE4D5 |
| SHA1: | 2D695349311A0DAF9B77392C04178F1BD99CCEF2 |
| SHA-256: | 22C126EA43AB2F7C80E19E857C50118A3E08A4A98BE31E2ADCFCA88C8E6C5A5D |
| SHA-512: | FE133E064DAF100FAD21CB4AE44AE573F66A0157A9418538FCE9744B8FB0500478EDE10B9A49E222AA21F14DCB32B384BA1B4D06402D6519EC4E645295F46B76 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.982301560919923 |
| TrID: |
|
| File name: | Purchase Inquiry.xla.xlsx |
| File size: | 1'308'160 bytes |
| MD5: | e3afcc72b9f65030bcee289cda558807 |
| SHA1: | 2de4b10d11a2741ffa6c3943433184caa9eef6d2 |
| SHA256: | d106446ba75a9d3612477acd3ef7c5c5b172709196d6e2962ecfabfb10e04132 |
| SHA512: | 2d604b51336dd6a1c549f000b0be2c5bcf0e9c6a3de899ff3f399fbe99f87afae6089d13b3941a048fa3ee7a1e720c58eb8f19865ae9b4c76924e8388ef13f01 |
| SSDEEP: | 24576:xJJDEM2sTVgyawU1CGO7oaomhapQs7ANo+9npaJ0/6CYO3cZmf:bJz5xaP/O7oarhMB7Yz9paJ0/7w |
| TLSH: | 24552328BBC45B0BC4DF99B84C95D6A284768ED9BE56E11B3388334C7937579838732C |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16T00:00:00Z |
| Last Saved Time: | 2025-03-12T07:18:41Z |
| Creating Application: | |
| Security: | 0 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | false |
| Contains Dirty Links: | false |
| Shared Document: | false |
| Changed Hyperlinks: | false |
| Application Version: | 12.0000 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b6 b8 bb 31 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b6 b8 d1 b6 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m < . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b6 b8 6d 3c 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 b6 b8 ca 8c 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.260350317504982 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . _ < . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD0034E512/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0034E512/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 1239321 |
| Entropy: | 7.996026387362918 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . 7 : . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c4 1b 37 3a d4 01 00 00 99 08 00 00 13 00 d4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0034E513/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 608 |
| Entropy: | 5.681586529125432 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . 3 a ` 2 - x S . . . . . . . . . . . . > . . . y . . . K . : . . . h . t . t . p . s . : . / . / . a . r . n . o . g . o . . . n . e . t . / . H . h . P . R . g . N . ? . & . p . o . t . = . f . a . n . a . t . i . c . a . l . & . b . u . c . k . l . e . = . i . n . n . a . t . e . & . g . a . z . e . l . l . e . . . G R < . P . . ( . ] H < T 2 < . . 1 v . . 8 u [ R Z l _ g ? 6 n ) ` j 1 U = T W h h W g F . C . L . W T . ' . n u a ; A U a e Y i Z o 1 C 2 $ R c . 2 Q N . x . F . V . H n . ? # [ . . . |
| Data Raw: | 01 00 00 02 33 61 a8 60 32 2d 78 53 00 00 00 00 00 00 00 00 00 00 00 00 3e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 3a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 72 00 6e 00 6f 00 67 00 6f 00 2e 00 6e 00 65 00 74 00 2f 00 48 00 68 00 50 00 52 00 67 00 4e 00 3f 00 26 00 70 00 6f 00 74 00 3d 00 66 00 61 00 6e 00 61 00 74 00 69 00 63 00 61 00 6c 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 44179 |
| Entropy: | 7.971515864858295 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . ! ? w M . ! G C . K R " " . . . U ( P I ~ * D ! Z { . . . . . . . . . . . . . _ . . . \\ . p . + j . 9 ~ " z . + . / q l E . N 1 1 A o B W { 7 p S . U . 0 ~ . ' z . ! W . . M . 0 . ! . g f . 2 V J j z . 3 . V . W 2 . n q . . f ( x B . . . ! a . . . > j . . . = . . . % . . . . . 9 u k . . . . 5 . . . . . } . . . . V . . . . . . . . . 5 . . . . . . . . P = . . . . 4 c / . s h } x W @ . . . . . . . . . x " . . . 9 . . . . r . . . . } . . . . 1 . . . " . { | |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 f0 f7 f5 86 9f 21 3f a0 77 a2 4d b8 1d 21 47 d5 c7 43 06 9d 4b 52 22 22 b8 09 e0 0f 05 55 c6 28 50 af 49 7e 2a e7 44 21 5a 7b 04 ae d5 ce 87 0c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 a1 5f e2 00 00 00 5c 00 70 00 2b 6a 1e 39 7e c4 22 7a a3 7f 2b 95 07 2f 71 6c a1 9d 45 10 4e 31 31 41 93 6f |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 529 |
| Entropy: | 5.232606650679529 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 9 F B 1 1 8 F F - 1 D D C - 4 9 E 1 - 8 F B 9 - 0 9 6 4 5 C 7 E 6 F 5 A } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 7 2 7 0 5 6 0 1 E F 0 5 E F 0 5 E |
| Data Raw: | 49 44 3d 22 7b 39 46 42 31 31 38 46 46 2d 31 44 44 43 2d 34 39 45 31 2d 38 46 42 39 2d 30 39 36 34 35 43 37 45 36 46 35 41 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.982212340921245 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.369166254520357 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 2 i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 32 c3 e8 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-12T18:30:43.865876+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49705 | 13.107.246.67 | 443 | TCP |
| 2025-03-12T18:30:55.340504+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49706 | 13.107.246.67 | 443 | TCP |
| 2025-03-12T18:30:55.429382+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49707 | 13.107.246.67 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 12, 2025 18:30:24.308079958 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:24.308109045 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:24.308201075 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:24.308511972 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:24.308525085 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:26.257677078 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:26.257781982 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:26.261384964 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:26.261396885 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:26.261629105 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:26.261682987 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:26.262259007 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:26.308321953 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.706420898 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.706504107 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:27.706516027 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.706676960 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:27.713339090 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:27.713381052 CET | 443 | 49700 | 104.21.68.120 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.713506937 CET | 49700 | 443 | 192.168.2.10 | 104.21.68.120 |
| Mar 12, 2025 18:30:27.747097969 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:27.747148037 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.747256994 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:27.747581005 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:27.747613907 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.383214951 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.383480072 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.387522936 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.387537003 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.387828112 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.387871981 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.388278008 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.432318926 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.979192019 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.979258060 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.979279995 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.979342937 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.983668089 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.983731985 CET | 443 | 49702 | 3.39.89.152 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.983797073 CET | 49702 | 443 | 192.168.2.10 | 3.39.89.152 |
| Mar 12, 2025 18:30:30.985021114 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:30.993649960 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:30.993727922 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:30.993944883 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.003001928 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.488995075 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489020109 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489031076 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489037037 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489044905 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489051104 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489058018 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489099979 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.489150047 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.489284039 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489325047 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489336967 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.489352942 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.489388943 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.494426966 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.494436026 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.494443893 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.494472980 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.494517088 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.576981068 CET | 80 | 49703 | 104.168.7.38 | 192.168.2.10 |
| Mar 12, 2025 18:30:31.577147007 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.768868923 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:31.768920898 CET | 49703 | 80 | 192.168.2.10 | 104.168.7.38 |
| Mar 12, 2025 18:30:39.570846081 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:39.570883989 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:39.570997953 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:39.571542025 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:39.571551085 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:43.865798950 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:43.865875959 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:43.867499113 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:43.867506981 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:43.867763996 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:43.868956089 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:43.916347980 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.149075031 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.149105072 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.149121046 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.149188042 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.149218082 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.149235010 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.149275064 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.224178076 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.224206924 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.224253893 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.224265099 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.224303961 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.224328041 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.264702082 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.264731884 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.264770031 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.264775991 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.264806986 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.264826059 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.296523094 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.296544075 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.296601057 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.296607018 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.296657085 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.326642990 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.326669931 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.326736927 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.326742887 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.326785088 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.345427036 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.345448017 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.345503092 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.345510006 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.345565081 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.367458105 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.367491007 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.367571115 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.367577076 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.367600918 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.367620945 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.385413885 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.385457039 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.385492086 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.385503054 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.385539055 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.385569096 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.405291080 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.405313015 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.405415058 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.405421972 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.405462027 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.419198990 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.419215918 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.419307947 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.419315100 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.419365883 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.429481983 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.429498911 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.429586887 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.429593086 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.429637909 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.441255093 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.441270113 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.441337109 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.441344976 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.441391945 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.452131033 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.452147007 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.452233076 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.452240944 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.452282906 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.460166931 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.460175037 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.460261106 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.460268021 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.460326910 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.470130920 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.470148087 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.470221996 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.470227957 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.470269918 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.477426052 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.477444887 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.477511883 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.477519035 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.477560043 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.488919020 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.488935947 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.488979101 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.488986015 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.489029884 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.504374981 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.504390955 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.504460096 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.504467010 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.504508972 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.516407967 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.516429901 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.516485929 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.516501904 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.516612053 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.528038025 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.528068066 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.528176069 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.528194904 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.528217077 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.528239012 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.545710087 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.545734882 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.545787096 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.545804977 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.545824051 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.545844078 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.558991909 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.558999062 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.559086084 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.559098005 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.559143066 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.561978102 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.561990023 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.562067032 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.562073946 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.562119007 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.564255953 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.564273119 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.564323902 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.564331055 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.564359903 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.564373970 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.575630903 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.575653076 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.575700045 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.575706959 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.575727940 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.575742006 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.591356993 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.591377974 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.591440916 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.591451883 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.591490030 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.604192019 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.604218960 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.604296923 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.604330063 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.604353905 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.604382038 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.614926100 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.614943981 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.615012884 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.615022898 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.615278959 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.632750034 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.632767916 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.632838011 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.632843971 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.633085012 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.646204948 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.646220922 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.646337032 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.646344900 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.646388054 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.648848057 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.648871899 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.648920059 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.648926020 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.649008036 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.651195049 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.651212931 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.651299000 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.651305914 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.651371002 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.662585974 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.662600994 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.662669897 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.662677050 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.662825108 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.678307056 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.678323984 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.678365946 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.678371906 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.678402901 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.678427935 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.692641973 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.692658901 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.692719936 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.692725897 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.692771912 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.724747896 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.724770069 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.724833965 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.724839926 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.724870920 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.724891901 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.778206110 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.778227091 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.778274059 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.778283119 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.778310061 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.778331041 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.780340910 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.780361891 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.780430079 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.780436993 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.780514002 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.781013966 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781030893 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781076908 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.781083107 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781110048 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.781148911 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.781446934 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781461954 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781519890 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.781526089 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.781687021 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.783381939 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.783390045 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.783446074 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.783452034 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.783498049 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.784445047 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.784461021 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.784508944 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.784516096 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.784621954 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.788455009 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.788469076 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.788515091 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.788521051 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.788573027 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.830846071 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.830866098 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.830919027 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.830934048 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.830964088 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.831001043 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.865087986 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.865107059 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.865154028 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.865159988 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.865199089 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.865220070 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.867325068 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867341042 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867393970 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.867399931 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867554903 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.867873907 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867889881 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867943048 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.867947102 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.867996931 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.868397951 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.868413925 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.868453979 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.868459940 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.868479013 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.868508101 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.869352102 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.869374037 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.869414091 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.869420052 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.869441986 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.869563103 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.871354103 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.871368885 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.871423960 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.871429920 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.871650934 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.876322031 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.876339912 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.876398087 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.876404047 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.876463890 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.917682886 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.917701960 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.917752028 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.917756081 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.917808056 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954205990 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954224110 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954297066 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954307079 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954360962 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954379082 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954509020 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954524994 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954576969 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954582930 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.954610109 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.954624891 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.955060005 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955073118 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955161095 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.955173016 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955243111 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955279112 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955312967 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.955319881 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.955331087 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.955363035 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.956198931 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.956213951 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.956276894 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.956284046 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.956429958 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.958518028 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.958533049 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.958606005 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.958612919 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.958652973 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.958673000 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.964055061 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.964068890 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.964137077 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:47.964143038 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:47.964257002 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.005089045 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.005105972 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.005170107 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.005176067 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.005214930 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.041290045 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041304111 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041378021 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.041384935 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041569948 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.041587114 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041601896 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041655064 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.041661024 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041708946 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.041980982 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.041996002 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.042056084 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.042063951 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.042109013 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.042423964 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.042443037 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.042495966 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.042501926 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.042752028 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.043490887 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.043507099 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.043559074 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.043565035 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.043667078 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.045542955 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.045557976 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.045618057 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.045624018 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.045732975 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.050442934 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.050461054 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.050510883 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.050515890 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.050551891 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.050570965 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.091991901 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.092008114 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.092037916 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.092094898 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.092108965 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.092169046 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.092623949 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.092637062 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:48.092648029 CET | 49705 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:48.092653990 CET | 443 | 49705 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:53.045646906 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.045672894 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:53.045811892 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.046103001 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.046113968 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:53.048029900 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.048072100 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:53.048132896 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.048278093 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:53.048297882 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.339823008 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.340503931 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:55.340523958 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.341526031 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:55.341531038 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.428774118 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.429382086 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:55.429402113 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:55.430238962 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:55.430246115 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.847804070 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.847831964 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.847882986 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.848124981 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.848412991 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.848436117 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.848478079 CET | 49706 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.848484993 CET | 443 | 49706 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.849409103 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.849551916 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.850198984 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.850446939 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.850466967 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Mar 12, 2025 18:30:56.850477934 CET | 49707 | 443 | 192.168.2.10 | 13.107.246.67 |
| Mar 12, 2025 18:30:56.850485086 CET | 443 | 49707 | 13.107.246.67 | 192.168.2.10 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 12, 2025 18:30:24.279448032 CET | 57578 | 53 | 192.168.2.10 | 1.1.1.1 |
| Mar 12, 2025 18:30:24.303360939 CET | 53 | 57578 | 1.1.1.1 | 192.168.2.10 |
| Mar 12, 2025 18:30:27.715646029 CET | 55310 | 53 | 192.168.2.10 | 1.1.1.1 |
| Mar 12, 2025 18:30:27.746228933 CET | 53 | 55310 | 1.1.1.1 | 192.168.2.10 |
| Mar 12, 2025 18:30:39.562165022 CET | 49362 | 53 | 192.168.2.10 | 1.1.1.1 |
| Mar 12, 2025 18:30:39.569680929 CET | 53 | 49362 | 1.1.1.1 | 192.168.2.10 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 12, 2025 18:30:24.279448032 CET | 192.168.2.10 | 1.1.1.1 | 0xf27d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 12, 2025 18:30:27.715646029 CET | 192.168.2.10 | 1.1.1.1 | 0x6d68 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 12, 2025 18:30:39.562165022 CET | 192.168.2.10 | 1.1.1.1 | 0x7cc4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 12, 2025 18:29:37.307145119 CET | 1.1.1.1 | 192.168.2.10 | 0xc9ab | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:29:37.307145119 CET | 1.1.1.1 | 192.168.2.10 | 0xc9ab | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:29:37.307145119 CET | 1.1.1.1 | 192.168.2.10 | 0xc9ab | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:29:41.846261024 CET | 1.1.1.1 | 192.168.2.10 | 0x712a | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:29:41.846261024 CET | 1.1.1.1 | 192.168.2.10 | 0x712a | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:24.303360939 CET | 1.1.1.1 | 192.168.2.10 | 0xf27d | No error (0) | 104.21.68.120 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:24.303360939 CET | 1.1.1.1 | 192.168.2.10 | 0xf27d | No error (0) | 172.67.195.85 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:27.746228933 CET | 1.1.1.1 | 192.168.2.10 | 0x6d68 | No error (0) | istio.saja.market | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:27.746228933 CET | 1.1.1.1 | 192.168.2.10 | 0x6d68 | No error (0) | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:27.746228933 CET | 1.1.1.1 | 192.168.2.10 | 0x6d68 | No error (0) | 3.39.89.152 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:27.746228933 CET | 1.1.1.1 | 192.168.2.10 | 0x6d68 | No error (0) | 3.39.153.44 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:39.569680929 CET | 1.1.1.1 | 192.168.2.10 | 0x7cc4 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:39.569680929 CET | 1.1.1.1 | 192.168.2.10 | 0x7cc4 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:39.569680929 CET | 1.1.1.1 | 192.168.2.10 | 0x7cc4 | No error (0) | shed.dual-low.s-part-0039.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:39.569680929 CET | 1.1.1.1 | 192.168.2.10 | 0x7cc4 | No error (0) | s-part-0039.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:30:39.569680929 CET | 1.1.1.1 | 192.168.2.10 | 0x7cc4 | No error (0) | 13.107.246.67 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.10 | 49703 | 104.168.7.38 | 80 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 12, 2025 18:30:30.993944883 CET | 257 | OUT | |
| Mar 12, 2025 18:30:31.488995075 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489020109 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489031076 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489037037 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489044905 CET | 896 | IN | |
| Mar 12, 2025 18:30:31.489051104 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489058018 CET | 224 | IN | |
| Mar 12, 2025 18:30:31.489284039 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489325047 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.489336967 CET | 1236 | IN | |
| Mar 12, 2025 18:30:31.494426966 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.10 | 49700 | 104.21.68.120 | 443 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:30:26 UTC | 231 | OUT | |
| 2025-03-12 17:30:27 UTC | 1326 | IN | |
| 2025-03-12 17:30:27 UTC | 43 | IN | |
| 2025-03-12 17:30:27 UTC | 67 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.10 | 49702 | 3.39.89.152 | 443 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:30:30 UTC | 257 | OUT | |
| 2025-03-12 17:30:30 UTC | 524 | IN | |
| 2025-03-12 17:30:30 UTC | 109 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.10 | 49705 | 13.107.246.67 | 443 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:30:43 UTC | 226 | OUT | |
| 2025-03-12 17:30:47 UTC | 472 | IN | |
| 2025-03-12 17:30:47 UTC | 15912 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN | |
| 2025-03-12 17:30:47 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.10 | 49706 | 13.107.246.67 | 443 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:30:55 UTC | 214 | OUT | |
| 2025-03-12 17:30:56 UTC | 494 | IN | |
| 2025-03-12 17:30:56 UTC | 2128 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.10 | 49707 | 13.107.246.67 | 443 | 7116 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:30:55 UTC | 214 | OUT | |
| 2025-03-12 17:30:56 UTC | 470 | IN | |
| 2025-03-12 17:30:56 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:29:30 |
| Start date: | 12/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x570000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 12 |
| Start time: | 13:30:30 |
| Start date: | 12/03/2025 |
| Path: | C:\Windows\SysWOW64\mshta.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa50000 |
| File size: | 13'312 bytes |
| MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 13:30:33 |
| Start date: | 12/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7956f0000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 18 |
| Start time: | 13:30:50 |
| Start date: | 12/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x570000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly