Edit tour
Windows
Analysis Report
ORDEM DE COMPRA.xla.xlsx
Overview
General Information
| Sample name: | ORDEM DE COMPRA.xla.xlsx |
| Analysis ID: | 1636404 |
| MD5: | 2cffe74ee266afc00cdad106cc7064a1 |
| SHA1: | 5a9ad43a3a53c9ee102bbe33b21bb2c8bf3ecc76 |
| SHA256: | 0d234506eca49eb07fd6caeab63c31718877d8766b657a7a1daa4ea103be954b |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Document contains embedded VBA macros
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6620 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 4336 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 1220 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\O RDEM DE CO MPRA.xla.x lsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-12T18:35:50.560939+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:52.974397+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49705 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:52.998495+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:53.013712+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:02.706611+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49707 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:09.912110+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49709 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:09.983028+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49710 | 13.107.246.60 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00B81574/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | Virustotal | Browse | ||
| 37% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.qeoql |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| st3.pro | 5.161.200.29 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.89.152 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| link.saja.market | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 3.39.89.152 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false | |
| 104.168.7.38 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1636404 |
| Start date and time: | 2025-03-12 18:33:36 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 2s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 17 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | ORDEM DE COMPRA.xla.xlsx |
| Detection: | MAL |
| Classification: | mal56.winXLSX@4/4@3/4 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.28.47, 23.199.214.10, 199.232.214.172, 52.182.143.208, 20.189.173.7, 20.189.173.1, 52.123.129.14, 40.126.31.3, 4.175.87.197
- Excluded domains from analysis (whitelisted): onedscolprdwus00.westus.cloudapp.azure.com, slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, onedscolprdcus04.centralus.cloudapp.azure.com, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, onedscolprdwus06.westus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, config.officeapps.l
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:35:39 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3.39.89.152 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 104.168.7.38 | Get hash | malicious | Unknown | Browse |
| |
| 5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | ScreenConnect Tool | Browse |
| ||
| Get hash | malicious | AsyncRAT, XWorm | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | MicroClip | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| st3.pro | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Amadey, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Captcha Phish | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Mamba2FA | Browse |
| ||
| AMAZONEXPANSIONGB | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Pony | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KnowBe4 | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.983018375656202 |
| TrID: |
|
| File name: | ORDEM DE COMPRA.xla.xlsx |
| File size: | 1'308'160 bytes |
| MD5: | 2cffe74ee266afc00cdad106cc7064a1 |
| SHA1: | 5a9ad43a3a53c9ee102bbe33b21bb2c8bf3ecc76 |
| SHA256: | 0d234506eca49eb07fd6caeab63c31718877d8766b657a7a1daa4ea103be954b |
| SHA512: | ae57fb6e8acd71e195e5b3c3876582c2c411616355791415e13ef0f9438298f1042611de49ff093cf69c0c6426ef3cee2817f84b9505ed03a35a96012e522334 |
| SSDEEP: | 24576:+JJN6EM2sTVgyawU1CGO7oaomhapQs7ANo+9npaJ0/6CYnKxuds:cJNA5xaP/O7oarhMB7Yz9paJ0/As |
| TLSH: | E0552328BBC45B0BC0DF99B94C86C6B284758DCABE26D1573398339D7836679938731C |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16T00:00:00Z |
| Last Saved Time: | 2025-03-11T11:59:57Z |
| Creating Application: | |
| Security: | 0 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | false |
| Contains Dirty Links: | false |
| Shared Document: | false |
| Changed Hyperlinks: | false |
| Application Version: | 12.0000 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 8a af de dd 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 8a af 92 24 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 8a af ec 4d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 8a af f0 fd 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.3020681057018666 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . A } . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00B81574/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00B81574/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 1239304 |
| Entropy: | 7.996040299316133 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . 7 : . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c4 1b 37 3a d4 01 00 00 99 08 00 00 13 00 d4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00B81575/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 370 |
| Entropy: | 4.705616048560759 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . ) [ X 6 ' ! l . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . s . t . 3 . . . p . r . o . / . 3 . v . y . H . q . s . 9 . ? . & . h . i . d . e . = . d . i . r . e . f . u . l . & . p . e . n . s . i . o . n . = . t . e . r . r . i . b . l . e . & . o . u . t . c . o . m . e . = . i . d . i . o . t . i . c . & . r . a . n . c . h . = . f . a . m . o . u . s . & . l . o . a . f . e . r . . . . . y . @ V k . . Q Z . X . / ; , [ . : w . . . . t 3 . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 29 5b 9f 58 36 27 21 6c 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b e8 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 73 00 74 00 33 00 2e 00 70 00 72 00 6f 00 2f 00 33 00 76 00 79 00 48 00 71 00 73 00 39 00 3f 00 26 00 68 00 69 00 64 00 65 00 3d 00 64 00 69 00 72 00 65 00 66 00 75 00 6c 00 26 00 70 00 65 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 44834 |
| Entropy: | 7.971786805639889 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . = N . . a . " . k . n . S [ | . v X . p c . . . . . . . . . . . t . . . \\ . p . w . . Z @ | . Z ! ' . B o ^ t ; N Z ] ( G W . . . G T & s T . w f G . 1 P ^ f ] q . . . . L @ . . " A . i h . . ? r = ( ' . B . . . < . a . . . x . . . = . . . . . l S = . . . . y } v ) 5 f . . . . . . . . . . { . . . . % . . . . d # . . . . . . . U = . . . S " a . . . _ E . w p @ . . . y . . . \\ " . . . . . . . . . . . . . . . . . 1 . . . . = Z F A + ( . # C [ 3 ' % } . Z |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 3d d1 4e 15 8a ef 8d 85 61 00 ee 22 c9 04 cb 6b 08 91 f4 f4 6e ca 07 c9 f4 cb 53 5b 7c 0c ee 76 58 c9 fc 8a d9 e0 aa a7 bc 70 63 e8 b9 b3 a2 90 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 74 89 e2 00 00 00 5c 00 70 00 77 8a 02 10 c1 dd 5a ad c4 40 7c 0c 5a b0 21 27 0a 42 6f a4 5e 74 3b af a4 4e |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 529 |
| Entropy: | 5.243204896800434 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 8 7 D 3 9 4 6 B - 9 5 4 D - 4 7 E 8 - A 1 8 6 - A E 2 8 B E 8 6 E 3 A D } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 7 9 5 9 0 A 7 F 0 D 9 2 F D D 2 |
| Data Raw: | 49 44 3d 22 7b 38 37 44 33 39 34 36 42 2d 39 35 34 44 2d 34 37 45 38 2d 41 31 38 36 2d 41 45 32 38 42 45 38 36 45 33 41 44 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 4.004781427604936 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.396371177390543 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E . |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 92 b3 e7 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-12T18:35:50.560939+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:52.974397+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49705 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:52.998495+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:35:53.013712+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:02.706611+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49707 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:09.912110+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49709 | 13.107.246.60 | 443 | TCP |
| 2025-03-12T18:36:09.983028+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49710 | 13.107.246.60 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 12, 2025 18:35:29.172210932 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:29.172264099 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:29.172350883 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:29.172795057 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:29.172813892 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:30.850553989 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:30.850656033 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:30.856365919 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:30.856379032 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:30.856643915 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:30.856707096 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:30.857198954 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:30.904330969 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.321043015 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.321106911 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.321125984 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.321230888 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.388128996 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.388206959 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.388238907 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.388293028 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.425173998 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.425200939 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.425215960 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.425244093 CET | 49697 | 443 | 192.168.2.7 | 5.161.200.29 |
| Mar 12, 2025 18:35:31.493894100 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:31.493941069 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.494060040 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:31.494390011 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:31.494401932 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.133915901 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.133997917 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.138892889 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.138915062 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.139154911 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.139206886 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.139600992 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.184329033 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.732450008 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.732537031 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.732563019 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.732605934 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.736356974 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.736392021 CET | 443 | 49698 | 3.39.89.152 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.736450911 CET | 49698 | 443 | 192.168.2.7 | 3.39.89.152 |
| Mar 12, 2025 18:35:34.737540007 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:35:34.742250919 CET | 80 | 49699 | 104.168.7.38 | 192.168.2.7 |
| Mar 12, 2025 18:35:34.742311954 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:35:34.742419004 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:35:34.747018099 CET | 80 | 49699 | 104.168.7.38 | 192.168.2.7 |
| Mar 12, 2025 18:35:35.236979961 CET | 80 | 49699 | 104.168.7.38 | 192.168.2.7 |
| Mar 12, 2025 18:35:35.237188101 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:35:40.248254061 CET | 80 | 49699 | 104.168.7.38 | 192.168.2.7 |
| Mar 12, 2025 18:35:40.248445034 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:35:44.454125881 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:44.454170942 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:44.454653025 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:44.454653025 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:44.454684019 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.560863018 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.560939074 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.565439939 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.565459013 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.565721035 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.572536945 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.616326094 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.832442045 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.832498074 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.832624912 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.832654953 CET | 49701 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.832668066 CET | 443 | 49701 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.844670057 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.844715118 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.845221996 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.845371008 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.845382929 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.856827021 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.856861115 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.857086897 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.857585907 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.857594967 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.861052990 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.861080885 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:50.861412048 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.861572027 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:50.861587048 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:52.973722935 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:52.974396944 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:52.974411964 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:52.975756884 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:52.975769043 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:52.996681929 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:52.998495102 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:52.998529911 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.000096083 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.000102043 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.013106108 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.013711929 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.013721943 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.014600039 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.014605045 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.508091927 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.508167028 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.508399010 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.509224892 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.509253979 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.509268045 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.509274006 CET | 443 | 49704 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.517594099 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.517628908 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.517683029 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.517695904 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.517733097 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.517992973 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.518014908 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.518032074 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.518038988 CET | 443 | 49703 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.609025955 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.609108925 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:35:53.609519005 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.609519005 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.609569073 CET | 49705 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:35:53.609591007 CET | 443 | 49705 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:00.373861074 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:00.373898029 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:00.373986006 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:00.374335051 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:00.374347925 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:02.706528902 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:02.706610918 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:02.708537102 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:02.708549023 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:02.708889961 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:02.710166931 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:02.752324104 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.345057011 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.345088959 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.345108986 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.345163107 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.345194101 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.345210075 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.345263004 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.382005930 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.382035017 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.382087946 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.382114887 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.382137060 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.382160902 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.511691093 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.511713982 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.511769056 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.511790037 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.511816025 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.511831999 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.538305044 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.538324118 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.538369894 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.538378954 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.538430929 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.558348894 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.558367014 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.558430910 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.558445930 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.558613062 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.598366022 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.598388910 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.598450899 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.598478079 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.598500967 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.598522902 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.619270086 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.619287014 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.619355917 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.619365931 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.619405031 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.644793987 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.644813061 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.644879103 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.644886971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.644934893 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.668833971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.668852091 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.668930054 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.668941021 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.668994904 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.683861017 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.683877945 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.683953047 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.683965921 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.684005022 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.697074890 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.697098017 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.697173119 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.697179079 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.697263002 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.705698013 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.705717087 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.705796957 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.705806017 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.705848932 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.715965986 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.716010094 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.716070890 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.716077089 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.716118097 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.726237059 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.726258039 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.726324081 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.726330996 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.726373911 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.734893084 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.734910011 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.734985113 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.735002995 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.735148907 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.745331049 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.745347023 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.745440960 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.745466948 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.745557070 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.760102034 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.760121107 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.760185957 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.760195971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.760221958 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.760241032 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.774422884 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.774466038 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.774523020 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.774529934 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.774558067 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.774580956 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.793669939 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.793700933 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.793740988 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.793749094 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.793792009 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.793792009 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.797149897 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.797173977 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.797226906 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.797233105 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.797265053 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.797314882 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.803796053 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.803822041 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.803867102 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.803874969 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.803909063 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.803930044 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.814055920 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.814075947 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.814129114 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.814136028 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.814167023 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.814189911 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.824232101 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.824249029 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.824321985 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.824331045 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.824736118 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.832882881 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.832901001 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.832951069 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.832958937 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.832993984 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.833004951 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.843889952 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.843909025 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.843952894 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.843961954 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.843983889 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.844002962 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.863888979 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.863912106 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.863962889 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.863977909 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.864001989 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.864018917 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.875956059 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.875996113 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.876027107 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.876036882 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.876063108 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.876082897 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.885936975 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.885957956 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.886004925 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.886013031 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.886049986 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.886075020 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.894396067 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.894413948 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.894495964 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.894504070 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.895483971 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.905667067 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.905687094 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.905733109 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.905739069 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.905788898 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.914937973 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.914953947 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.915158987 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.915164948 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.915208101 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.923599005 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.923614979 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.923702955 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.923711061 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.923752069 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.934652090 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.934691906 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.934757948 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.934762955 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.934804916 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.954894066 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.954916954 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.954972982 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.954982042 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.955029011 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.966818094 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.966837883 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.966892004 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.966897964 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.966933966 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.966933966 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.976593971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.976619959 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.976679087 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.976686954 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.976715088 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.976735115 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.985097885 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.985117912 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.985173941 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.985182047 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.985311985 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.995332003 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.995352030 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.995436907 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:03.995445967 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:03.995934010 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.005625963 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.005644083 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.005738974 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.005745888 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.005927086 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.014333010 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.014349937 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.014413118 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.014420033 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.014530897 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.046284914 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.046309948 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.046417952 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.046433926 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.046600103 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.059371948 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.059390068 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.059485912 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.059495926 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.059658051 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.061115026 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.061132908 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.061193943 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.061202049 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.061301947 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.067459106 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.067476988 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.067554951 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.067568064 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.067712069 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.075957060 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.075980902 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.076041937 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.076054096 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.076193094 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.086409092 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.086430073 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.086486101 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.086497068 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.086605072 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.096447945 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.096467018 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.096525908 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.096537113 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.096631050 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.105350971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.105369091 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.105434895 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.105443954 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.105551004 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.136979103 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.136997938 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.137135029 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.137145996 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.137191057 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.149864912 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.149882078 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.149955988 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.149962902 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.150082111 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.151187897 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.151211977 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.151264906 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.151271105 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.151360035 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.158070087 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.158087015 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.158153057 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.158159971 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.158272982 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.166513920 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.166529894 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.166598082 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.166604042 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.166754007 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.177028894 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.177046061 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.177118063 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.177128077 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.177269936 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.187462091 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.187480927 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.187545061 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.187551975 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.187699080 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.195729017 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.195746899 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.195807934 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.195813894 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.195907116 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.230406046 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.230427027 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.230534077 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.230544090 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.230709076 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.241154909 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.241173029 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.241244078 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.241250038 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.241379023 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.241970062 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.241986036 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.242044926 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.242050886 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.242139101 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.249373913 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.249392033 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.249469042 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.249480963 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.249607086 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.257249117 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.257266045 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.257388115 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.257395029 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.257440090 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.267596006 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.267613888 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.267726898 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.267735004 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.267771959 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.278017998 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.278037071 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.278101921 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.278106928 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.278186083 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.286371946 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.286387920 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.286463022 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.286477089 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.286555052 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.321280003 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.321297884 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.321381092 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.321388006 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.321424961 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.331670046 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.331691980 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.331757069 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.331763983 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.331855059 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.332899094 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.332917929 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.332988977 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.332994938 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.333074093 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340131044 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340158939 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340200901 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340208054 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340225935 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340253115 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340260029 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340276003 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340516090 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340533972 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340544939 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340544939 CET | 49707 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:04.340553999 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:04.340562105 CET | 443 | 49707 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:07.828268051 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.828320026 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:07.828459978 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.828679085 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.828691959 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:07.830949068 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.830998898 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:07.831051111 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.831199884 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:07.831214905 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.911540985 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.912110090 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:09.912134886 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.913009882 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:09.913017988 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.982496023 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.983027935 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:09.983048916 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:09.983881950 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:09.983886957 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.422518015 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.422590017 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.422744036 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.422935009 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.422935009 CET | 49709 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.422955036 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.422966003 CET | 443 | 49709 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.485162973 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.485184908 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.485244036 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.485311031 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.485361099 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.485627890 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.485656023 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:10.485671043 CET | 49710 | 443 | 192.168.2.7 | 13.107.246.60 |
| Mar 12, 2025 18:36:10.485680103 CET | 443 | 49710 | 13.107.246.60 | 192.168.2.7 |
| Mar 12, 2025 18:36:27.922003984 CET | 49699 | 80 | 192.168.2.7 | 104.168.7.38 |
| Mar 12, 2025 18:36:27.926846027 CET | 80 | 49699 | 104.168.7.38 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 12, 2025 18:35:29.157970905 CET | 53614 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 12, 2025 18:35:29.171225071 CET | 53 | 53614 | 1.1.1.1 | 192.168.2.7 |
| Mar 12, 2025 18:35:31.452990055 CET | 49770 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 12, 2025 18:35:31.489237070 CET | 53 | 49770 | 1.1.1.1 | 192.168.2.7 |
| Mar 12, 2025 18:35:44.427639961 CET | 58114 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 12, 2025 18:35:44.453104973 CET | 53 | 58114 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 12, 2025 18:35:29.157970905 CET | 192.168.2.7 | 1.1.1.1 | 0x830e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 12, 2025 18:35:31.452990055 CET | 192.168.2.7 | 1.1.1.1 | 0xe8a0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 12, 2025 18:35:44.427639961 CET | 192.168.2.7 | 1.1.1.1 | 0x1d79 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 12, 2025 18:34:42.168464899 CET | 1.1.1.1 | 192.168.2.7 | 0xe7ed | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:34:42.168464899 CET | 1.1.1.1 | 192.168.2.7 | 0xe7ed | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:34:42.168464899 CET | 1.1.1.1 | 192.168.2.7 | 0xe7ed | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:34:44.496404886 CET | 1.1.1.1 | 192.168.2.7 | 0xc8b4 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:34:44.496404886 CET | 1.1.1.1 | 192.168.2.7 | 0xc8b4 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:29.171225071 CET | 1.1.1.1 | 192.168.2.7 | 0x830e | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:31.489237070 CET | 1.1.1.1 | 192.168.2.7 | 0xe8a0 | No error (0) | istio.saja.market | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:31.489237070 CET | 1.1.1.1 | 192.168.2.7 | 0xe8a0 | No error (0) | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:31.489237070 CET | 1.1.1.1 | 192.168.2.7 | 0xe8a0 | No error (0) | 3.39.89.152 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:31.489237070 CET | 1.1.1.1 | 192.168.2.7 | 0xe8a0 | No error (0) | 3.39.153.44 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:44.453104973 CET | 1.1.1.1 | 192.168.2.7 | 0x1d79 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:44.453104973 CET | 1.1.1.1 | 192.168.2.7 | 0x1d79 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:44.453104973 CET | 1.1.1.1 | 192.168.2.7 | 0x1d79 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:44.453104973 CET | 1.1.1.1 | 192.168.2.7 | 0x1d79 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:44.453104973 CET | 1.1.1.1 | 192.168.2.7 | 0x1d79 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:46.549302101 CET | 1.1.1.1 | 192.168.2.7 | 0x25ba | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 12, 2025 18:35:46.549302101 CET | 1.1.1.1 | 192.168.2.7 | 0x25ba | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49699 | 104.168.7.38 | 80 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 12, 2025 18:35:34.742419004 CET | 244 | OUT | |
| Mar 12, 2025 18:35:35.236979961 CET | 539 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49697 | 5.161.200.29 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:30 UTC | 259 | OUT | |
| 2025-03-12 17:35:31 UTC | 461 | IN | |
| 2025-03-12 17:35:31 UTC | 101 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49698 | 3.39.89.152 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:34 UTC | 248 | OUT | |
| 2025-03-12 17:35:34 UTC | 510 | IN | |
| 2025-03-12 17:35:34 UTC | 96 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49701 | 13.107.246.60 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:50 UTC | 226 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49705 | 13.107.246.60 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:52 UTC | 214 | OUT | |
| 2025-03-12 17:35:53 UTC | 471 | IN | |
| 2025-03-12 17:35:53 UTC | 474 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49704 | 13.107.246.60 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:52 UTC | 214 | OUT | |
| 2025-03-12 17:35:53 UTC | 491 | IN | |
| 2025-03-12 17:35:53 UTC | 408 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49703 | 13.107.246.60 | 443 | 6620 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:35:53 UTC | 214 | OUT | |
| 2025-03-12 17:35:53 UTC | 515 | IN | |
| 2025-03-12 17:35:53 UTC | 3870 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.7 | 49707 | 13.107.246.60 | 443 | 1220 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:36:02 UTC | 226 | OUT | |
| 2025-03-12 17:36:03 UTC | 493 | IN | |
| 2025-03-12 17:36:03 UTC | 15891 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN | |
| 2025-03-12 17:36:03 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.7 | 49709 | 13.107.246.60 | 443 | 1220 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:36:09 UTC | 214 | OUT | |
| 2025-03-12 17:36:10 UTC | 470 | IN | |
| 2025-03-12 17:36:10 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 8 | 192.168.2.7 | 49710 | 13.107.246.60 | 443 | 1220 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-12 17:36:09 UTC | 214 | OUT | |
| 2025-03-12 17:36:10 UTC | 494 | IN | |
| 2025-03-12 17:36:10 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:34:35 |
| Start date: | 12/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xd40000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 13:35:39 |
| Start date: | 12/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7c9e80000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 13 |
| Start time: | 13:35:54 |
| Start date: | 12/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xd40000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly