Edit tour
Windows
Analysis Report
Sample_Order_000000991.xls
Overview
General Information
| Sample name: | Sample_Order_000000991.xls |
| Analysis ID: | 1576233 |
| MD5: | 5f2e46c7cb021508ad4cb1cb4785af35 |
| SHA1: | 49d152547e233e76c58586fa0b0be5f341cc65b0 |
| SHA256: | 820d600f7e9de3c49ab72a5cf0eed154f8a733a971dc4d601a2941a2b1596aa1 |
| Tags: | xlsuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 80 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Machine Learning detection for sample
Microsoft Office drops suspicious files
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication
Classification
- System is w11x64_office
EXCEL.EXE (PID: 8372 cmdline: "C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" /automatio n -Embeddi ng MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77) 
mshta.exe (PID: 5092 cmdline: C:\Windows \System32\ mshta.exe -Embedding MD5: 36D15DDE6D71802D9588CC0D48EDF8EA) 
splwow64.exe (PID: 6276 cmdline: C:\Windows \splwow64. exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6) - splwow64.exe (PID: 2232 cmdline:
C:\Windows \splwow64. exe 12288 MD5: AF4A7EBF6114EE9E6FBCC910EC3C96E6)
appidpolicyconverter.exe (PID: 8924 cmdline: "C:\Window s\system32 \appidpoli cyconverte r.exe" MD5: 6567D9CF2545FAAC60974D9D682700D4) 
conhost.exe (PID: 8932 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 9698384842DA735D80D278A427A229AB)
- EXCEL.EXE (PID: 3836 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Root\ Office16\E XCEL.EXE" "C:\Users\ user\Deskt op\Sample_ Order_0000 00991.xls" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD00EC75A8/\x1Ole' : | ||
| Source: | Stream path 'MBD00EC75A8/\x1Ole' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00EC75A6/MBD007203CB/Workbook' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'MBD00EC75A6/MBD007203CB/Workbook' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 16% | ReversingLabs | |||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| curt.wiz.co.cdn.gocache.net | 170.82.174.30 | true | false | high | |
| assets.msn.com | unknown | unknown | false | high | |
| curt.wiz.co | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.246.63 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 192.3.179.166 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 170.82.174.30 | curt.wiz.co.cdn.gocache.net | Brazil | 266444 | 3LCLOUDINTERNETSERVICESLTDA-EPPBR | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1576233 |
| Start date and time: | 2024-12-16 17:09:41 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 55s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
| Run name: | Potential for more IOCs and behavior |
| Number of analysed new started processes analysed: | 36 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Sample_Order_000000991.xls |
| Detection: | MAL |
| Classification: | mal80.expl.winXLS@10/39@2/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 104.126.37.9, 104.126.36.248, 52.113.194.132, 52.109.89.119, 52.111.232.60, 20.42.65.91, 20.42.72.131, 184.30.24.41, 104.126.37.226, 2.19.198.226, 104.126.36.33, 104.126.37.195, 104.126.37.227, 2.19.198.233, 104.126.37.216, 104.126.37.203, 2.19.198.249, 52.109.89.18, 20.189.173.1, 4.245.163.56, 40.126.53.14, 20.223.35.26
- Excluded domains from analysis (whitelisted): e1324.dscd.akamaiedge.net, onedscolprdwus00.westus.cloudapp.azure.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, onedscolprdeus17.eastus.cloudapp.azure.com, tse1.mm.bing.net, weu-azsc-config.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, login.live.com, otelrules.svc.static.microsoft, officeclient.microsoft.com, wu-b-net.trafficmanager.net, e28578.d.akamaiedge.net, res-1-tls.cdn.office.net, enrichment.osi.office.net, e40491.dscg.akamaiedge.net, ecs.office.com, assets.msn.com.edgekey.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, fd.api.iris.microsoft.com, uci.cdn.office.net, ctldl.windowsupdate.com, weu-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, res-prod.trafficmanager.net, owamail.public.cdn.office.net.edgekey.net, s-0005.s
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Sample_Order_000000991.xls
| Time | Type | Description |
|---|---|---|
| 11:11:45 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 13.107.246.63 | Get hash | malicious | Unknown | Browse |
| |
| 170.82.174.30 | Get hash | malicious | Pushdo | Browse |
| |
| Get hash | malicious | Pushdo | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Pushdo, DanaBot, SmokeLoader | Browse |
| ||
| Get hash | malicious | Pushdo, DanaBot, SmokeLoader | Browse |
| ||
| Get hash | malicious | Pushdo, DanaBot, SmokeLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| curt.wiz.co.cdn.gocache.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3LCLOUDINTERNETSERVICESLTDA-EPPBR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Remcos | Browse |
| ||
| Get hash | malicious | Cobalt Strike, Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 258a5a1e95b8a911872bae9081526644 | Get hash | malicious | Unknown | Browse |
| |
| 091f51a7a1c3a4504a224cc081ce9cee | Get hash | malicious | Unknown | Browse |
|
⊘No context
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6475 |
| Entropy (8bit): | 5.329748836880874 |
| Encrypted: | false |
| SSDEEP: | 96:WctuNOYd9Dq8SCE0oMctcAN/NSZDecpdBBn010nt:huU/VrcAdNWdBBn010t |
| MD5: | 5641191BC18C820C396831F8C1241B32 |
| SHA1: | 78DE225915B4CFD3D28C95A058F4A3F1D952E888 |
| SHA-256: | 74F77BE97A1BCE5F44917D579CF8CAE6AE07528F2B0DA3F9C9D4D8E3945C77D9 |
| SHA-512: | 65F8028C8AC74CCA27AF473C2D597EE45909E0764CBD63FF855EDB3AA5FB27C442C1F3873CDEF541F0F7FFB85B1DF7AC417FD849BC57F7F9DA8AB4366D2C092A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152108 |
| Entropy (8bit): | 2.359527138105575 |
| Encrypted: | false |
| SSDEEP: | 1536:RHploNy4tU9MBFjvSO6E/cq9N6hvkFrRT5m:aGym |
| MD5: | 1AD2124B6332DD6D201B7A7D73C1993C |
| SHA1: | 43A30ABD5BD05A195673877267B8C92AE5E110D2 |
| SHA-256: | 2CB0DF77A44B945DE978EC0A753BE80AC56FBA0D905F82DE064780335F2E41A7 |
| SHA-512: | 965D96652D87EB38221B809CCA8142B8176778CFE20EC505C275510818AC7AED6070D78F94B5E4FFE0A4B54CB46AF16BFBB3E65A7997A24794B299967EDF6EFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152108 |
| Entropy (8bit): | 2.359527138105575 |
| Encrypted: | false |
| SSDEEP: | 1536:RHploNy4tU9MBFjvSO6E/cq9N6hvkFrRT5m:aGym |
| MD5: | 1AD2124B6332DD6D201B7A7D73C1993C |
| SHA1: | 43A30ABD5BD05A195673877267B8C92AE5E110D2 |
| SHA-256: | 2CB0DF77A44B945DE978EC0A753BE80AC56FBA0D905F82DE064780335F2E41A7 |
| SHA-512: | 965D96652D87EB38221B809CCA8142B8176778CFE20EC505C275510818AC7AED6070D78F94B5E4FFE0A4B54CB46AF16BFBB3E65A7997A24794B299967EDF6EFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 109544 |
| Entropy (8bit): | 4.282675970330063 |
| Encrypted: | false |
| SSDEEP: | 768:I4KlWqWxZiDQ4hHdCUeHxCDJB9Cnh3KCg0F9BV:I42WxF4MyeKCV |
| MD5: | F7B9A8F20E64B2CB6B572BCBA5866236 |
| SHA1: | 2F092A0A518639332BE76BF60DBB966AC331D356 |
| SHA-256: | 72447B22A4BBC05B9E9183DF2ADB712AB51C3A45C6247C2303024197D1623F57 |
| SHA-512: | 4A78624A9EB02208F3F30D03CC53EBE00BDD2C59E8F7719E35E706D51CD2F8D0D330BE6D6FAD2A9652536F888CB99E0CBE1E3B97A05EA65CB5914C37C501B728 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98872 |
| Entropy (8bit): | 2.3146858690534673 |
| Encrypted: | false |
| SSDEEP: | 768:XOU4vdx1DW7ohBb66mQK4BTonxqQbApQK6c:+5wc |
| MD5: | CFAA73290044E624A73BAC9B0EA4850E |
| SHA1: | ABFC1ADAC891C8621C8F73F1ABA3A9292E18D54C |
| SHA-256: | 3272107F4C00B6057E1F11EAFF43FCCC4BBD459FB671591F164639F4D919F235 |
| SHA-512: | 0474CC4960A60609DE1C2773747B457857FA2BBD3E27064B59623D0D0006C63BFD4AEA945D57B921D1C78F279C539387DC30FA0FB05955116E871537D9B632AD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44256 |
| Entropy (8bit): | 3.15066292565687 |
| Encrypted: | false |
| SSDEEP: | 384:IhpMW5NFNimpUIuOjwTsiyGGiugBhUErpxTORe4tyIWY5:BWzi+8+GGidBhUErpxTORe4tyI9 |
| MD5: | F1EC2E98B0F577B675156B13DCF94105 |
| SHA1: | 4FF2D02051E92771FBB245BA8095C80148A0F61A |
| SHA-256: | 66AFB9C12E20A08F9A713C366EDE8A9CD8F4A93B7D7BFC76205013C28A3250E9 |
| SHA-512: | 6E442DB49BF2A429AD2CA7CB3804D79791C1E1FEB414F69FDDD58042E98C5AA5BFC1C751713DB76DD58DC9F3CAC3A7C491228797A909F8FD0291048E8F2FC9BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44256 |
| Entropy (8bit): | 3.147465798679962 |
| Encrypted: | false |
| SSDEEP: | 384:j1W5NF0vUXfOjwTsiyGGiugBhUErpxTORe4tyJ2c:ZWYW+GGidBhUErpxTORe4ty5 |
| MD5: | 36D8FF25D14E7E2FBB1968E952FF9C17 |
| SHA1: | E3BD7140DA6CAD87C5A1D5417DFBDD7B0E67B110 |
| SHA-256: | 305DCBFBEB9FFEE587E061D779CA1DDF31939ECD64EEE7D8A22BA9D640B48633 |
| SHA-512: | B4B753222F617F78B36949BD9F37E13D68D9FD7367484BEE799F0D7AE38E1705E997A6409251BC2B9830012536FBD08C3C6CB7411D9122F939833F38E303DCBF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8084 |
| Entropy (8bit): | 2.5551694039574895 |
| Encrypted: | false |
| SSDEEP: | 96:j+RiOO++Z39FAcRwxBdEtzBfCC7Boff8oBJ6ANQ4HJV:jtGNOzBArH |
| MD5: | 721E8AAC81F0A6D4659831CB8194D668 |
| SHA1: | 6BE0CEFAEC9F0B1EAD9DE03C8D4679767CF8B549 |
| SHA-256: | E52DF310BB20C42F738A3C8E03ED4110CB795B8A07AE5D4E474EA075564B1622 |
| SHA-512: | 24CACEED3153493E34988C35628FAA2C198C9B13AFDD8ABC214EFBA0ACCD0579BADCD5EB0F76F5BDA16D3A279DB4DF4BB218ABD5FFD751C6E62676BD1AAEF2E7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8184 |
| Entropy (8bit): | 2.134027179798306 |
| Encrypted: | false |
| SSDEEP: | 96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo |
| MD5: | 331C2C9C442C76A749D84D57B5515818 |
| SHA1: | E754B0650D15D892EEC8B24DA991AED1290B5D96 |
| SHA-256: | D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F |
| SHA-512: | 62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 153152 |
| Entropy (8bit): | 2.3472680698198136 |
| Encrypted: | false |
| SSDEEP: | 1536:pmU/GN+DAtQaqrUPig97qG7bIQWkaYgJh7P:ql+P |
| MD5: | DFB02E0536D88C844DF72C1633F32527 |
| SHA1: | DDC6C0DDA77057393F4C2771BB813A015130055F |
| SHA-256: | 3F7FDB3133F50750C57C8D886E52501BDEA5D505735C7ECB9B8D7DE62B2C5C33 |
| SHA-512: | 9072C3CB9B5029305FCB3CD9755C1EF77E1E410AB6D03E5123E0D40ECA4EA9E48952FA6ABB867EA430914BD152C8BCD63050582C4F2DAAABAE1F2B70C049218C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98872 |
| Entropy (8bit): | 2.316808701184858 |
| Encrypted: | false |
| SSDEEP: | 768:XOFTvXx1DW7ohBb66mQK4BTonxqQbApQK6c:+rwc |
| MD5: | F297EE68B7BE544EE3920254407D4785 |
| SHA1: | E21FDD54C4762C9E07B2833723A5D19F3F21954B |
| SHA-256: | F3BE08A10ACEC172D32F09B725B3272F2FE064113E4918A8B80994C35E182600 |
| SHA-512: | EA54DA70A856455A0EDEFFDA8EBEE3B6F6CA642D5DA39134BCA4974C8637AE17FF30B41C8B04C39E0FE5059DA41B14A8B3505A970A9168C6F7D66EEA46D8D88D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1293620 |
| Entropy (8bit): | 4.563127917199792 |
| Encrypted: | false |
| SSDEEP: | 6144:HepUelSAzNeNpVAZSedri2/Op4mD3f5ReZdZJElOFmkDrvwA2w4Meh/q4MmuRDrM:HepRlSPiS4ri2/lmzCJEuL1eU1muq |
| MD5: | F71C973B5E362DFD6408D6C009E5643E |
| SHA1: | 24B3CE67B31BFD4791287932206D54C73489424E |
| SHA-256: | 27D0986B7EC233689490135118670F01325F21DFD6F60492AF5D62C7CF1E3045 |
| SHA-512: | 4C3F506BC4313437C9194EED3CD5AB6616490AE376FC61DD38D8E00F975C41A23FC8D322E41CFBEC380F04F49ADF6E77A3B22BB5C96EBE714F5713B09838F1F4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98872 |
| Entropy (8bit): | 2.3146858690534673 |
| Encrypted: | false |
| SSDEEP: | 768:XOU4vdx1DW7ohBb66mQK4BTonxqQbApQK6c:+5wc |
| MD5: | CFAA73290044E624A73BAC9B0EA4850E |
| SHA1: | ABFC1ADAC891C8621C8F73F1ABA3A9292E18D54C |
| SHA-256: | 3272107F4C00B6057E1F11EAFF43FCCC4BBD459FB671591F164639F4D919F235 |
| SHA-512: | 0474CC4960A60609DE1C2773747B457857FA2BBD3E27064B59623D0D0006C63BFD4AEA945D57B921D1C78F279C539387DC30FA0FB05955116E871537D9B632AD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 134544 |
| Entropy (8bit): | 2.9527588414114754 |
| Encrypted: | false |
| SSDEEP: | 768:P0WYNNkN2HtS1u40TiTKAvGNLnvfKx4t1cEU9W3V/DOEsx:pYN/Ni0TiTKeYjfKx4tCEU9W35psx |
| MD5: | 83F48FDD46D3424E92E24E709EAB5960 |
| SHA1: | 6CEE65663B48B56BDFF6756C38C1F4190EAC6E12 |
| SHA-256: | 77F4BCE7FBE1E2F98A04DC51994467460B255135535CDE954EEE8180F500C6AE |
| SHA-512: | 8F781049001FC063EDB9B4352C0EA05D8DA9DCFC599234A58258C6FB4C4CED2B862A701081F10B68E286124413AD04F4AAAB485D376B0A2FB04167AFF121F47E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 149960 |
| Entropy (8bit): | 2.3657136332104285 |
| Encrypted: | false |
| SSDEEP: | 1536:5HSKz0eZQJYAkQDnGvVf1oLJknhmUI/F+gd:VHed |
| MD5: | 4179DAC0933C3FE6ACF7763A454073C7 |
| SHA1: | 0C1CDC7DF9A0B063E9C594A133F46872566F6F4B |
| SHA-256: | DD3E933FE3F9EA455E46830F3A4CA1B258D5AB1F503CFE4DA45A724B077DF402 |
| SHA-512: | 28A3D5E9AEBDD9224801E5658DC29BE969A60D34E61A9CA7D0A4048FD5EF48446BF405E4CFE1EAB48A0950277FB9831142B7B70A9EA102297B26E18BE5A59622 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 150296 |
| Entropy (8bit): | 2.3654152975835117 |
| Encrypted: | false |
| SSDEEP: | 1536:zHkoj0eZQJYAkQDnGvVf1oLJknhmUI/FKtQH4VGHhxdjExEe+:nHHQH4VGHhxdjExEe+ |
| MD5: | 09C88DE93998B14C92B9D22E3773C35F |
| SHA1: | FF036185AE0E1A4F0E165F714CA7929265BC2A2B |
| SHA-256: | 615C627F96430207D9D967DF05B66B1B98AB1DC25DF14A9D551143E989DB903C |
| SHA-512: | AEC206438D8FB264F48BBE139EEFFEB58F64D638275BDAA2522C75C90679BC7E9CA263E9EF797DD83B95714C21EF9B07017AC769998B697C93171E5154953DA9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 99352 |
| Entropy (8bit): | 2.3158027648425534 |
| Encrypted: | false |
| SSDEEP: | 768:hOk4vt1Dr7ohr86uA4K4BTonxqQbApQK6c:Uxwc |
| MD5: | 5C0F792B289CBAED97B09A984FFF9B64 |
| SHA1: | CE7C47BB0A1A65FEB5D82478A8B565C672CA2434 |
| SHA-256: | A967B0F54AE3B4408ED75A7219EF8C8653D8D464F59865F286323DAE5B8EE1C9 |
| SHA-512: | 7D793D62373A12B3552DB533AE418F1B4E2151D0061D334593DCCA52A141516066656A51E8C74A73F9B578A1DF78FA29DD6C38BCB43276D13D75CEFD1E613C1E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 152108 |
| Entropy (8bit): | 2.359527138105575 |
| Encrypted: | false |
| SSDEEP: | 1536:RHploNy4tU9MBFjvSO6E/cq9N6hvkFrRT5m:aGym |
| MD5: | 1AD2124B6332DD6D201B7A7D73C1993C |
| SHA1: | 43A30ABD5BD05A195673877267B8C92AE5E110D2 |
| SHA-256: | 2CB0DF77A44B945DE978EC0A753BE80AC56FBA0D905F82DE064780335F2E41A7 |
| SHA-512: | 965D96652D87EB38221B809CCA8142B8176778CFE20EC505C275510818AC7AED6070D78F94B5E4FFE0A4B54CB46AF16BFBB3E65A7997A24794B299967EDF6EFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8184 |
| Entropy (8bit): | 2.134027179798306 |
| Encrypted: | false |
| SSDEEP: | 96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo |
| MD5: | 331C2C9C442C76A749D84D57B5515818 |
| SHA1: | E754B0650D15D892EEC8B24DA991AED1290B5D96 |
| SHA-256: | D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F |
| SHA-512: | 62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8184 |
| Entropy (8bit): | 2.1455625695309903 |
| Encrypted: | false |
| SSDEEP: | 96:EV5g2s88nDfgsre5/9BWZBKlA2B79sIRdYZgmR7qii1Bo1V:Eao/3WZ4V79FdigmR7qii1Bo |
| MD5: | 166E15E6411E8EB7ECCD59CC4DAD22FD |
| SHA1: | 261F3C4499A501E9B99B71AD270E4E7EE85810CB |
| SHA-256: | E63169147812C672E11CC8BA9515ADF0BF345A7ABF230F17AE366280CA06EFFC |
| SHA-512: | 3DBF43AD6D6FFAF5DF26DB59AB01E3939824D8ADBB4C268F4DE54D68CDB0462FE9FFFCFFB1D8C4200D05C84A014FA61F156487C63AA2CF91B407F52D67BCC6DE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 98872 |
| Entropy (8bit): | 2.3146858690534673 |
| Encrypted: | false |
| SSDEEP: | 768:XOU4vdx1DW7ohBb66mQK4BTonxqQbApQK6c:+5wc |
| MD5: | CFAA73290044E624A73BAC9B0EA4850E |
| SHA1: | ABFC1ADAC891C8621C8F73F1ABA3A9292E18D54C |
| SHA-256: | 3272107F4C00B6057E1F11EAFF43FCCC4BBD459FB671591F164639F4D919F235 |
| SHA-512: | 0474CC4960A60609DE1C2773747B457857FA2BBD3E27064B59623D0D0006C63BFD4AEA945D57B921D1C78F279C539387DC30FA0FB05955116E871537D9B632AD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8184 |
| Entropy (8bit): | 2.134027179798306 |
| Encrypted: | false |
| SSDEEP: | 96:EV5g2s88nDfgs/I5i9OWZBKlA2B79sIRdYZgmR7qii1Bo1V:EaoRfWZ4V79FdigmR7qii1Bo |
| MD5: | 331C2C9C442C76A749D84D57B5515818 |
| SHA1: | E754B0650D15D892EEC8B24DA991AED1290B5D96 |
| SHA-256: | D9BF530C063351C003E3CCFF707D0A25C27BE3E00F225AEFE46099B8BA450C2F |
| SHA-512: | 62302CABE9FB5749ED6B1DDDBF539DB50044E6619571F9E0B7E2FFD05D4ECC6717DE080405DED6CE84712DC3D4E8B6FD423ADE32BBB45144DE3777EFC73CD2D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8208 |
| Entropy (8bit): | 2.137951691468796 |
| Encrypted: | false |
| SSDEEP: | 96:Eeg2s88nDfgDoV5p9HWZBwA2B79sIRdYZgmR7qii1Bo1V:E/oDe3WZm79FdigmR7qii1Bo |
| MD5: | 00EA65B9FBAD77085F46D0AF69FB8966 |
| SHA1: | 2AF2508476FE744304B93C98C6951BFB959CE668 |
| SHA-256: | 0A7907AE117A65F43DB59E2BE73ACE198BD72BA38B156C187C895FF52CA31F7D |
| SHA-512: | 501A0EDEB100363FA238C19EFF8FADB3A9BB74D6F955F6249426EF2E07F5B4745B62CCDBEA2A201CDBA097A9ED9193313D9AAA5B1343523AECD8E88D23B187BB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0TF3KEZE\newthingswithgreatupdateiongivenbestthingswithme[1].hta 
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7096 |
| Entropy (8bit): | 2.899765589959644 |
| Encrypted: | false |
| SSDEEP: | 192:tXaCEHKFlVum2oum2QB3S5KUJDVUKhC74GVf/AyK+v6Aq1FRl7zP4IDIfz3tesny:tlEHKFlVum2oum2QB3S5KUJDVUKhC74J |
| MD5: | 7D9BEC59DBCA1A2AD5FAC1FC9F0F1A2B |
| SHA1: | C2DE3306F897439FF8191D8AE8AE7232E6C8840A |
| SHA-256: | E74F99EB68083D39899C8F3A378782BF2DF1C4A145F6D58385050FA74D1B5D85 |
| SHA-512: | D8D1BB72D2E7DA925D71337E50E7CFD63898E44D7F30D160FC3133F88DF525192349A112E5304D64D2C5C073AC2D2A9C6B51EB0F4CE57D7B308B4747BFED05BA |
| Malicious: | true |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734365443932454300_BC23A93E-E8E1-40DD-B016-9BAD94628977.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 8.112143835430977E-5 |
| Encrypted: | false |
| SSDEEP: | 3:Tuekk9NJtHFfs1XsExe/t:qeVJ8 |
| MD5: | AFDEAC461EEC32D754D8E6017E845D21 |
| SHA1: | 5D0874C19B70638A0737696AEEE55BFCC80D7ED8 |
| SHA-256: | 3A96B02F6A09F6A6FAC2A44A5842FF9AEB17EB4D633E48ABF6ADDF6FB447C7E2 |
| SHA-512: | CAB6B8F9FFDBD80210F42219BAC8F1124D6C0B6995C5128995F7F48CED8EF0F2159EA06A2CD09B1FDCD409719F94A7DB437C708D3B1FDA01FDC80141A4595FC7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734365443932918000_BC23A93E-E8E1-40DD-B016-9BAD94628977.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Additional\Additional1734365531516917300_583F2022-82E8-47CA-A000-50A7E67F377B.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71 |
| Entropy (8bit): | 4.3462513114457515 |
| Encrypted: | false |
| SSDEEP: | 3:Tuekk9NJtHFfs1XsExen:qeVJ8u |
| MD5: | 8F4510F128F81A8BAF2A345D00F7E30C |
| SHA1: | 8C711E6C484881ECDC83B6BDAC41C7A19EDE9C37 |
| SHA-256: | 15AA8B35FC5F139EF0B0FBC641CAA862AED19674625B81D1DC63467BC0AAFED9 |
| SHA-512: | 78695E5E2337703757903B8452E31A98F860022B04972651212C3004FEBE29017380A8BCA9FCCFD935DE00D8BD73AA556C30A3CEA5FC76E7ADF7E7763D68E78F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734365443929622100_BC23A93E-E8E1-40DD-B016-9BAD94628977.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.19849279207766837 |
| Encrypted: | false |
| SSDEEP: | 1536:gx07A251r0K1w90VGmLwjzQ1UATiHvj31T1cmSvbmVYiDSyphElcRJKzeh1pFK0m:97XF1w6GPHJmvaFDHPz |
| MD5: | BDF651FF7018FC2F3D79F6C61776B776 |
| SHA1: | 57285418E5FB0B0E5DF4858C468858D00DF4DF12 |
| SHA-256: | E1815ABC5BFA870DA244C6AA16ED6C3B500B4303DD32D67A0FFE93D3D324DD22 |
| SHA-512: | 7C3935436E4BDFA8F0B84117D89FC6E43A68EC4394277AB0FF083B3334975130059F97B057CE8209442323E02463057DCBD088F01AE408856ED2EC3703318A62 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734365443930045400_BC23A93E-E8E1-40DD-B016-9BAD94628977.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Primary1734365531515281500_583F2022-82E8-47CA-A000-50A7E67F377B.log
Download File
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 314231 |
| Entropy (8bit): | 5.067691520243612 |
| Encrypted: | false |
| SSDEEP: | 1536:gl4JK+vG9SSjY0znMuqVDxrvYMjjCay96t9Wj+s1EnE6/ZFe7hgqkUtPvpBAKGBH:nJzSj7MuEVrbYiXLDGFqsS |
| MD5: | 13A1506296B2D56E256E29BAD5D700BF |
| SHA1: | 5C76A1A65FBDFC18C3E33540304E9AB4C7DF22DD |
| SHA-256: | 3B8997394A3343071C443611FE7C0C3E8634822408F0F71FFCF90416A9E3F3AA |
| SHA-512: | C9CE87E7A3947ED64E5C0E57439BDA6DB9DC5551D4842F45C5B8E2CB10262A1AA81590564A1B726AF53B17F2B943F4AF7A6B3C3B4B412B50586E86397724BD07 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 208896 |
| Entropy (8bit): | 6.59345197003677 |
| Encrypted: | false |
| SSDEEP: | 6144:ZICk3hbdlylKsgwyzcTbWhZFVE+WaxHARWhcIQ7PIDqZ8:6eW+IYPJ |
| MD5: | 6F1714A0CB907CDAC8D2F42C595F9DCD |
| SHA1: | 3E0F24E3DBCB1773F1E21D6722550616D41E03EB |
| SHA-256: | 40662E6FAB1E8A3B347A204B377E253F3289FAF017A1C8783316AA15270EFDAC |
| SHA-512: | 9979ED2083486564AB5DB0E88E03DF93351F63A1ADA515BEB5A1377BBA65154750EBDC74A6D2AF878E95079A5000FFCB9163D2F8C5FEE363DD2A73E380F729D7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54272 |
| Entropy (8bit): | 7.3538973760927036 |
| Encrypted: | false |
| SSDEEP: | 768:Jz1VIHbSIpsp3/10qfTaClc4xJNzD/1FCUpeZ8Ak5mhvMYVZAf:JzQHbXpsJ2crDtkFZ8nukB |
| MD5: | 2B56930A897184EDF0677CAB1B5CEFA0 |
| SHA1: | 94611BB14B7EEAAFA26C150B540DA128EDA1612A |
| SHA-256: | 6EA98D87F4F478E53CC97A316AC1FF884C94F5BF85C0C092BA9C75E386FCDC49 |
| SHA-512: | 2930017DE2777B5A3E91677E8E040045A88C2874328308D4946777691A9EB34FCCD16C9649DA7242E717AEBA546E892CE38138233B3AB2320814732DD192E9A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40960 |
| Entropy (8bit): | 7.472720761062885 |
| Encrypted: | false |
| SSDEEP: | 768:XJM/DwTOipXXGvdfBwEhkYB2UHCNqWCK7ilqjq7:XJ2cp4tSEqpA+UHl3 |
| MD5: | 00BEE7347BB4EFFCAD3815B148391717 |
| SHA1: | 1FF6E964D267340B6855EF335164060462E02608 |
| SHA-256: | 6C6B1279E05528FD9C0EE6CE2554FFC0693BF3F4AE8A8FA6676E1B3CB91D9C2C |
| SHA-512: | 4A27D98775CFD1521ED633E0693D3751F44BC328A8C6FA23E57F33E7937CBD342E5CD6E76D644449680DAB4249EBD41DBF878F7F29DC901A8BD46258A3D2D27C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 836608 |
| Entropy (8bit): | 7.630939315272473 |
| Encrypted: | false |
| SSDEEP: | 12288:7JW+EJEUiOIBUzMTS3D3DERnLRmF8DhEPvxpsAQx1Zj+jHEPgYPJDTNy:6BaGbARM8Af8Z+j2gYPJD |
| MD5: | 9D1F56CE250E18C079AFA267F653E7DE |
| SHA1: | DB8F07E05AA17B7C038E15AA2D78E28113AD3C33 |
| SHA-256: | D866C41598EFB182B5064C87C02C2BD2722CD330E77DECAF1684730082ED4836 |
| SHA-512: | 12B1E674C4528F4EF8ABD2B9DF61760892C98F94E9476A1E98DB844363CA7357812623D4804D63C0A7C93968C7C28014522FAA574B72F30BA8B2DAF5A3D7152C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 836608 |
| Entropy (8bit): | 7.630939315272473 |
| Encrypted: | false |
| SSDEEP: | 12288:7JW+EJEUiOIBUzMTS3D3DERnLRmF8DhEPvxpsAQx1Zj+jHEPgYPJDTNy:6BaGbARM8Af8Z+j2gYPJD |
| MD5: | 9D1F56CE250E18C079AFA267F653E7DE |
| SHA1: | DB8F07E05AA17B7C038E15AA2D78E28113AD3C33 |
| SHA-256: | D866C41598EFB182B5064C87C02C2BD2722CD330E77DECAF1684730082ED4836 |
| SHA-512: | 12B1E674C4528F4EF8ABD2B9DF61760892C98F94E9476A1E98DB844363CA7357812623D4804D63C0A7C93968C7C28014522FAA574B72F30BA8B2DAF5A3D7152C |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.749181455603862 |
| TrID: |
|
| File name: | Sample_Order_000000991.xls |
| File size: | 1'106'944 bytes |
| MD5: | 5f2e46c7cb021508ad4cb1cb4785af35 |
| SHA1: | 49d152547e233e76c58586fa0b0be5f341cc65b0 |
| SHA256: | 820d600f7e9de3c49ab72a5cf0eed154f8a733a971dc4d601a2941a2b1596aa1 |
| SHA512: | 2b25d71308e8636d0caefbdb24181061da7d620dfc525422e46455ee0bd205801b8a863ffcc292e81b2636e067776010df0be3596dbefd157f5459b5fdddd8be |
| SSDEEP: | 12288:bymzHJEUiOIBUzMTSHD3DERnLRmF8D9EPbxpsAQx1Zj+jeEPubjxAzrGbxzX7n41:hBaKbARM8k78Z+jppr8zr4i4Q8+a5d |
| TLSH: | D035F1E5BB8D9B11C615123475F357AE1B10AC03EA02427B36F8731D1AFB6D08647FA6 |
| File Content Preview: | ........................>...................................M...................O...P...Q...R...................=...>...X.......m.......o...................................................................................................................... |
 | |
| Icon Hash: | 35ed8e920e8c81b5 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2024-12-16 00:52:08 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` ! . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 21 8f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` 3 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 fe 33 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 60 98 0b bc 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fd 7f bc c8 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fd 7f 95 e7 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fd 7f 38 1b 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 fd 7f aa 95 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2403503175049813 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . , T O . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00EC75A5/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A5/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 37036 |
| Entropy: | 7.720975169587741 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . 8 . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b7 a1 38 de e3 01 00 00 cb 09 00 00 13 00 e9 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 e5 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.701136490257069 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 220 |
| Entropy: | 3.372234242231489 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . \\ . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . % ? ` * C . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 ac 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 5c 00 00 00 12 00 00 00 68 00 00 00 0b 00 00 00 80 00 00 00 0c 00 00 00 8c 00 00 00 0d 00 00 00 98 00 00 00 13 00 00 00 a4 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD0018D4CE/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.5689955935892812 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD0018D4CE/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD0018D4CE/Contents |
| CLSID: | |
| File Type: | Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c |
| Stream Size: | 197671 |
| Entropy: | 6.989042939766534 |
| Base64 Encoded: | True |
| Data ASCII: | C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 43 50 54 39 46 49 4c 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 38 b4 00 d0 38 b4 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00 94 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD0068D442/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD0068D442/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 26243 |
| Entropy: | 7.635433729726103 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 248 |
| Entropy: | 3.0523231150355867 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P u r c h a s e O r d e r T e m p l a t e . . . . . . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a2 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 256 |
| Entropy: | 4.086306928392587 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ . . . B r a t i s l a v M i l o j e v i c | E L M E D d . o . o . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . N ; . . @ . . . . . . . @ . . . . v @ n ) C . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 d0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 04 00 00 00 50 00 00 00 08 00 00 00 7c 00 00 00 12 00 00 00 8c 00 00 00 0b 00 00 00 a4 00 00 00 0c 00 00 00 b0 00 00 00 0d 00 00 00 bc 00 00 00 13 00 00 00 c8 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 134792 |
| Entropy: | 7.974168320310173 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . Z i ^ . m . q l % . w " . x . Z q C b g i ' . h . . # . . . . . . . P . . . \\ . p . . 6 u ! l ( n y I T 5 W { L : 1 J . S . . . . 0 x . 3 . ` . X { ( / z 7 / . 8 x X g X # v . . [ d C y . . s . ] G 9 m . u . . . B . . . R a . . . . . . . = . . . L . . . O . . r 7 . v . . . " . . . . " _ K : . . . . . . . . . j # . . . . K . . . . . . . . = . . . " j ! ; . g . . @ . . . . . . . ^ " . . . 9 . . . . r . . . . . . . 1 . . . : . t . ? e . ) n S P x . b & 1 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 5a 69 5e 2e a6 e0 6d 97 16 71 6c a3 ef b8 25 05 77 88 22 87 ec d8 b3 78 17 a4 5a 71 43 ad a8 c2 62 67 69 b8 d9 e2 27 83 c8 df b8 f6 68 1b 05 23 e1 00 02 00 b0 04 c1 00 02 00 ef 50 e2 00 00 00 5c 00 70 00 13 36 75 21 6c 28 6e bd 95 81 f4 c7 79 fa 49 54 35 99 57 f1 85 8d fb f3 e2 7b 4c b1 ea 3a |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 468 |
| Entropy: | 5.269289820125323 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 1 9 C 9 4 3 8 D - F 0 7 5 - 4 2 6 8 - 9 E 6 E - 7 B 8 A E 6 6 D 5 A 0 F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C D C F 3 A 0 A C A D 2 C E D 2 C E D 2 C E D 2 C E " . . D P B = " 9 9 9 B 6 E 9 3 6 F 9 |
| Data Raw: | 49 44 3d 22 7b 31 39 43 39 34 33 38 44 2d 46 30 37 35 2d 34 32 36 38 2d 39 45 36 45 2d 37 42 38 41 45 36 36 44 35 41 30 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 83 |
| Entropy: | 3.0672749060249043 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2486 |
| Entropy: | 3.9244127831265385 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD007203CB/_VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 536 |
| Entropy: | 6.330646364694152 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . C W ] i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . |
| Data Raw: | 01 14 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 43 57 5d 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
General | |
| Stream Path: | MBD00EC75A6/MBD00726B69/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.219515110876372 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/MBD00726B69/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 26242 |
| Entropy: | 7.635424485665502 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . & . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a1 26 fd 83 92 01 00 00 ae 05 00 00 13 00 e0 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 dc 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A6/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 283872 |
| Entropy: | 7.743278150467805 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . H < l - 9 . . . . . . . X . @ . . . . . . . . . . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
| Stream Path: | MBD00EC75A7/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A7/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 45934 |
| Entropy: | 7.5587990853484195 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 8c e9 8c 8c 7e 01 00 00 8c 05 00 00 13 00 dc 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d8 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00EC75A8/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 534 |
| Entropy: | 5.935579973086395 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . y M . 7 . . . . . . . . . . . . ( . . . y . . . K . $ . . . h . t . t . p . s . : . / . / . c . u . r . t . . . w . i . z . . . c . o . / . d . y . I . r . U . F . o . d . P . X . ? . & . i . s . r . a . e . l . = . c . a . l . m . & . s . i . n . k . . . . . = & S r @ m & y . : = . z : k . A . . / p P . y . 7 . c S @ . 9 O d ? 0 . ! J . . 6 f k + . P p . . - 8 n . . l . . O ! 0 w S . [ . t S ] F X @ . . A . ( b + ! . t . W . P t x . . n g v . . . . . . . . . . . . . . . . . . . . C . V . x . H . 4 |
| Data Raw: | 01 00 00 02 79 ad eb 4d c7 dd 81 37 00 00 00 00 00 00 00 00 00 00 00 00 28 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 24 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 63 00 75 00 72 00 74 00 2e 00 77 00 69 00 7a 00 2e 00 63 00 6f 00 2f 00 64 00 79 00 49 00 72 00 55 00 46 00 6f 00 64 00 50 00 58 00 3f 00 26 00 69 00 73 00 72 00 61 00 65 00 6c 00 3d 00 63 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 316516 |
| Entropy: | 7.9985439637784825 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . 0 I ' s e m J . Z i . 8 f v V . . & . 7 k a . . . . . . . . . . . . \\ . p . 3 ? . . 8 { ^ x ? r " + 7 s P r v . o a 3 . K D _ Q _ . F 8 . . 7 m / 1 [ . j . . X . A ] 6 P p 4 . y M ; . Q k . B . . . 1 a . . . ~ . . . = . . . d . . S . . . } t T . N 4 . F . . . . . . . . . . . . . R . . . . . r ~ . . . w ) . . . 6 = . . . . . u , . b 9 2 ) K F @ . . . . . . . m " . . . . . . . . , . . . x . . . V 1 . . . t ] q N . s . . Q . . . U ^ Y 1 . . . . * C F . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 ad f5 92 30 c4 49 27 73 f6 da 65 94 b5 6d 4a 09 e5 a3 5a 69 c0 db 09 38 8f e0 66 b3 76 56 0d 17 26 9a f6 02 d1 ed b8 88 c6 37 6b a8 f7 61 92 02 e1 00 02 00 b0 04 c1 00 02 00 c5 8a e2 00 00 00 5c 00 70 00 33 b7 3f be ea ed 8c 16 b5 c2 8f 38 8f 7b 5e 78 de 3f d6 72 f3 83 c9 d3 22 ec a0 2b e7 d5 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 527 |
| Entropy: | 5.186824719766999 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 6 4 3 C 2 6 B 9 - 4 A 5 6 - 4 4 D 8 - A 2 3 E - F 0 D E 4 D D 5 B C 6 E } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 4 2 6 2 A 3 9 3 A 4 2 3 E 4 2 3 |
| Data Raw: | 49 44 3d 22 7b 36 34 33 43 32 36 42 39 2d 34 41 35 36 2d 34 34 44 38 2d 41 32 33 45 2d 46 30 44 45 34 44 44 35 42 43 36 45 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9976692862346583 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 16, 2024 17:11:36.349508047 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:36.349560976 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:36.349679947 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:36.350600958 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:36.350610018 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.789371967 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.789437056 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.791584969 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.791598082 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.792637110 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.792717934 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.801779985 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.801846027 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.801923037 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.801929951 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:37.801976919 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.803915977 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:37.851330042 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.741487026 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.741636992 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:38.741667032 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.741719007 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.741719961 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:38.741766930 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:38.745441914 CET | 49719 | 443 | 192.168.2.25 | 170.82.174.30 |
| Dec 16, 2024 17:11:38.745456934 CET | 443 | 49719 | 170.82.174.30 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.747056961 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:38.866913080 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:38.867019892 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:38.867249966 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:38.987049103 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.976670980 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.976752043 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.977494955 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.977533102 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.977617025 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.980971098 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.981004953 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.981029987 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.981054068 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.984774113 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.984808922 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.984864950 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.984884024 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.988666058 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.988701105 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.988727093 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.988748074 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:39.993984938 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:39.994076967 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.097238064 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.097376108 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.097966909 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.098032951 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.101017952 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.101103067 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.166552067 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.166585922 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.168842077 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.169742107 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.169821024 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.172939062 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.173875093 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.173929930 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.181304932 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.181356907 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.182527065 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.182570934 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.190275908 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.191150904 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.191224098 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.198402882 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.198467970 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.199271917 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.199326038 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.206581116 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.207473993 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.207542896 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.217473030 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.217530012 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.219224930 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.219719887 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.223428011 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.223504066 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.224364996 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.224412918 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.231784105 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.232692003 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.232752085 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.240353107 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.240783930 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.241168976 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.241209984 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.247895956 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.247967005 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.248807907 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.248914003 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:40.287094116 CET | 80 | 49724 | 192.3.179.166 | 192.168.2.25 |
| Dec 16, 2024 17:11:40.287209988 CET | 49724 | 80 | 192.168.2.25 | 192.3.179.166 |
| Dec 16, 2024 17:11:46.594733953 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:46.594825983 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:46.594933033 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:46.599172115 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:46.599210024 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:48.613333941 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:48.613462925 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:48.633510113 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:48.633548975 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:48.634018898 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:48.653512001 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:48.695334911 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.150450945 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.150482893 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.150512934 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.150590897 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.150636911 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.150695086 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.275652885 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.275728941 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.275790930 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.275845051 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.275887012 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.275909901 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.329087019 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.329117060 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.329236984 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.329262972 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.329782009 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.439189911 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.439253092 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.439296007 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.439321041 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.439352036 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.439373016 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.479265928 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.479336023 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.479356050 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.479368925 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.479398012 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.479417086 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.503850937 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.503890038 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.503936052 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.503948927 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.503978968 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.503993034 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.525286913 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.525310993 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.525394917 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.525437117 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.525460005 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.525480032 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.621493101 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.621529102 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.621685028 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.621715069 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.621762991 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.641185045 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.641222954 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.641254902 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.641269922 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.641304016 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.641324997 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.657110929 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.657147884 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.657191992 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.657236099 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.657258034 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.657304049 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.669276953 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.669311047 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.669397116 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.669406891 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.669451952 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.680366993 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.680397987 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.680433035 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.680448055 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.680485010 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.680504084 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.692013979 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.692037106 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.692073107 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.692080975 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.692120075 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.692137957 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.702610016 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.702636957 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.702673912 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.702682018 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.702713966 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.702769995 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.805015087 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.805058956 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.805099964 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.805124044 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.805165052 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.805186987 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.815135002 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.815164089 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.815251112 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.815267086 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.815284014 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.815310001 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.824027061 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.824048996 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.824137926 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.824148893 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.824244976 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.832767963 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.832792997 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.832848072 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.832858086 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.832894087 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.832912922 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.841012955 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.841036081 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.841094971 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.841111898 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.841149092 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.841164112 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.850225925 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.850245953 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.850286961 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.850297928 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.850337982 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.850362062 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.858640909 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.858660936 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.858710051 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.858750105 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.858768940 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.858812094 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.868417978 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.868439913 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.868484020 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.868544102 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.868573904 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.868607044 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.999557972 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.999581099 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.999670982 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.999718904 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:49.999738932 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:49.999789000 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:50.001077890 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:50.001168966 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:50.001250029 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:50.001521111 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:50.001547098 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:11:50.001562119 CET | 49734 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:11:50.001569986 CET | 443 | 49734 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:17.050272942 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:17.050319910 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:17.050412893 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:17.051105022 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:17.051120996 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:18.775175095 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:18.775266886 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:18.778059959 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:18.778074980 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:18.778318882 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:18.779238939 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:18.819346905 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.315644026 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.315674067 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.315686941 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.315768957 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.315792084 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.316302061 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.478945971 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.478967905 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.479065895 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.479089975 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.479361057 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.513822079 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.513840914 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.513891935 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.513917923 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.513943911 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.513958931 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.659013987 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.659044981 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.659096956 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.659125090 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.659145117 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.659324884 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.689771891 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.689802885 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.689850092 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.689881086 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.689907074 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.689920902 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.717828989 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.717859030 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.717973948 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.717992067 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.718415022 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.734932899 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.734966993 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.735066891 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.735095024 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.736012936 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.849874973 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.849911928 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.849986076 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.850009918 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.850279093 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.866584063 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.866617918 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.866664886 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.866688967 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.866712093 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.866738081 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.879756927 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.879785061 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.879878044 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.879904985 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.880079985 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.894828081 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.894845009 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.894928932 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.894949913 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.894984007 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.909482002 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.909507036 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.909555912 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.909580946 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.909593105 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.909786940 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.923933029 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.923966885 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.924053907 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.924077034 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.924108982 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.924134016 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.938802958 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.938843012 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.938879013 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.938900948 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:19.938915014 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:19.939096928 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.039040089 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.039066076 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.039144039 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.039160013 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.039205074 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.050271988 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.050297022 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.050374985 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.050395012 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.050457954 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.060714006 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.060741901 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.060844898 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.060859919 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.060909986 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.072691917 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.072715998 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.072874069 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.072892904 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.072932959 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.084202051 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.084230900 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.084369898 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.084388971 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.084424973 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.095844030 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.095868111 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.095989943 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.096008062 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.096232891 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.105014086 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.105038881 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.105139971 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.105158091 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.105762959 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.110584021 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.110613108 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.110730886 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.110750914 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.110785007 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.231096029 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.231122017 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.231192112 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.231223106 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.231287956 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.231287956 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.239135027 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.239167929 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.239221096 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.239234924 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.239272118 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.247236013 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.247267008 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.247347116 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.247359037 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.247406960 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.253272057 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.253295898 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.253350019 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.253361940 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.253411055 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.253426075 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.260833979 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.260857105 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.260925055 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.260943890 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.261081934 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.267965078 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.267992020 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.268064022 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.268073082 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.268131018 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.275733948 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.275758028 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.275839090 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.275850058 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.275882006 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.275906086 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.288609028 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.288640022 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.288697958 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.288705111 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.288760900 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.424010038 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.424035072 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.424120903 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.424141884 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.424180031 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.431178093 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.431194067 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.431323051 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.431333065 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.431375980 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.438319921 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.438338041 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.438412905 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.438425064 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.438468933 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.446065903 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.446088076 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.446146011 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.446155071 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.446208954 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.453016996 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.453041077 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.453094959 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.453104019 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.453156948 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.460033894 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.460057020 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.460127115 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.460139990 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.460196018 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.467725039 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.467741013 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.467824936 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.467830896 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.467871904 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.481051922 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.481070995 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.481142044 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.481158018 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.481195927 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.616416931 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.616450071 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.616527081 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.616559982 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.616651058 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.623431921 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.623470068 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.623568058 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.623590946 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.623617887 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.623641968 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.631071091 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.631123066 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.631197929 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.631222010 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.631233931 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.631417990 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.642013073 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.642035961 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.642097950 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.642124891 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.642141104 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.642174959 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.648745060 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.648765087 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.648868084 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.648890018 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.649141073 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.656425953 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.656446934 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.656589985 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.656610012 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.656670094 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.896230936 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.896256924 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.896313906 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.896333933 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.896353006 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.896370888 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.939069986 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939088106 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939137936 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939151049 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.939163923 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939192057 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939213037 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.939219952 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.939270973 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.942301989 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.942322969 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.942383051 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.942389965 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.951415062 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.951447010 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.951486111 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.951497078 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.951561928 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.959055901 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.959072113 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:20.959140062 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:20.959148884 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.013289928 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.016621113 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.016638994 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.016704082 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.016710997 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.016753912 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.064078093 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.064096928 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.064155102 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.064162970 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.064213991 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.072424889 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.072441101 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.072484970 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.072491884 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.072531939 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.084590912 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.084623098 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.084698915 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.084711075 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.084749937 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.091763020 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.091782093 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.091877937 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.091885090 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.091919899 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.100512981 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.100528955 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.100641012 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.100646019 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.100678921 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.109134912 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.109152079 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.109244108 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.109250069 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.109281063 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.119066000 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.119081020 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.119177103 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.119184971 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.121857882 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.127068043 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.127087116 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.127140045 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.127145052 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.127197027 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.135566950 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.135598898 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.135624886 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.135631084 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.135664940 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.144223928 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.144238949 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.144314051 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.144318104 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.144330025 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.144356012 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.205785036 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.205811977 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.205858946 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.205868006 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.205916882 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.214235067 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.214251041 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.214298964 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.214303970 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.214353085 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.223874092 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.223893881 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.223942995 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.223947048 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.224029064 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.231956959 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.231975079 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.232081890 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.232086897 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.232127905 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.240300894 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.240320921 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.240365982 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.240370989 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.240550041 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.248991966 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.249027014 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.249079943 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.249084949 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.249121904 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.249133110 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.249167919 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.249253035 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.249264956 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Dec 16, 2024 17:12:21.249274015 CET | 49745 | 443 | 192.168.2.25 | 13.107.246.63 |
| Dec 16, 2024 17:12:21.249279022 CET | 443 | 49745 | 13.107.246.63 | 192.168.2.25 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 16, 2024 17:11:36.209588051 CET | 60669 | 53 | 192.168.2.25 | 1.1.1.1 |
| Dec 16, 2024 17:11:36.348732948 CET | 53 | 60669 | 1.1.1.1 | 192.168.2.25 |
| Dec 16, 2024 17:12:03.680989981 CET | 60669 | 53 | 192.168.2.25 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 16, 2024 17:11:36.209588051 CET | 192.168.2.25 | 1.1.1.1 | 0xec33 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Dec 16, 2024 17:12:03.680989981 CET | 192.168.2.25 | 1.1.1.1 | 0x5f6d | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 16, 2024 17:11:36.348732948 CET | 1.1.1.1 | 192.168.2.25 | 0xec33 | No error (0) | curt.wiz.co.cdn.gocache.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Dec 16, 2024 17:11:36.348732948 CET | 1.1.1.1 | 192.168.2.25 | 0xec33 | No error (0) | 170.82.174.30 | A (IP address) | IN (0x0001) | false | ||
| Dec 16, 2024 17:11:36.348732948 CET | 1.1.1.1 | 192.168.2.25 | 0xec33 | No error (0) | 170.82.173.30 | A (IP address) | IN (0x0001) | false | ||
| Dec 16, 2024 17:11:54.194489002 CET | 1.1.1.1 | 192.168.2.25 | 0x30b8 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Dec 16, 2024 17:11:54.194489002 CET | 1.1.1.1 | 192.168.2.25 | 0x30b8 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Dec 16, 2024 17:12:03.821816921 CET | 1.1.1.1 | 192.168.2.25 | 0x5f6d | No error (0) | assets.msn.com.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.25 | 49724 | 192.3.179.166 | 80 | 8372 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Dec 16, 2024 17:11:38.867249966 CET | 273 | OUT | |
| Dec 16, 2024 17:11:39.976670980 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.977494955 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.977533102 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.980971098 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.981004953 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.984774113 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.984808922 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.988666058 CET | 1000 | IN | |
| Dec 16, 2024 17:11:39.988701105 CET | 1236 | IN | |
| Dec 16, 2024 17:11:39.993984938 CET | 1236 | IN | |
| Dec 16, 2024 17:11:40.097238064 CET | 1236 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.25 | 49719 | 170.82.174.30 | 443 | 8372 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-16 16:11:37 UTC | 237 | OUT | |
| 2024-12-16 16:11:38 UTC | 980 | IN | |
| 2024-12-16 16:11:38 UTC | 105 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 1 | 192.168.2.25 | 49734 | 13.107.246.63 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-16 16:11:48 UTC | 222 | OUT | |
| 2024-12-16 16:11:49 UTC | 471 | IN | |
| 2024-12-16 16:11:49 UTC | 15913 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN | |
| 2024-12-16 16:11:49 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.25 | 49745 | 13.107.246.63 | 443 | 3836 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-16 16:12:18 UTC | 226 | OUT | |
| 2024-12-16 16:12:19 UTC | 500 | IN | |
| 2024-12-16 16:12:19 UTC | 15884 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN | |
| 2024-12-16 16:12:19 UTC | 16384 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 11:10:41 |
| Start date: | 16/12/2024 |
| Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff790540000 |
| File size: | 70'082'712 bytes |
| MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 4 |
| Start time: | 11:11:12 |
| Start date: | 16/12/2024 |
| Path: | C:\Windows\System32\appidpolicyconverter.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff700040000 |
| File size: | 155'648 bytes |
| MD5 hash: | 6567D9CF2545FAAC60974D9D682700D4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 11:11:12 |
| Start date: | 16/12/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7c7360000 |
| File size: | 1'040'384 bytes |
| MD5 hash: | 9698384842DA735D80D278A427A229AB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 14 |
| Start time: | 11:11:38 |
| Start date: | 16/12/2024 |
| Path: | C:\Windows\System32\mshta.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7d8840000 |
| File size: | 32'768 bytes |
| MD5 hash: | 36D15DDE6D71802D9588CC0D48EDF8EA |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 17 |
| Start time: | 11:11:45 |
| Start date: | 16/12/2024 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7a4380000 |
| File size: | 192'512 bytes |
| MD5 hash: | AF4A7EBF6114EE9E6FBCC910EC3C96E6 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 19 |
| Start time: | 11:11:47 |
| Start date: | 16/12/2024 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7a4380000 |
| File size: | 192'512 bytes |
| MD5 hash: | AF4A7EBF6114EE9E6FBCC910EC3C96E6 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 29 |
| Start time: | 11:12:11 |
| Start date: | 16/12/2024 |
| Path: | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff790540000 |
| File size: | 70'082'712 bytes |
| MD5 hash: | F9F7B6C42211B06E7AC3E4B60AA8FB77 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet1" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
| 9 | Attribute VB_Name = "Sheet1" |
| 10 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 11 | Attribute VB_GlobalNameSpace = False |
| 12 | Attribute VB_Creatable = False |
| 13 | Attribute VB_PredeclaredId = True |
| 14 | Attribute VB_Exposed = True |
| 15 | Attribute VB_TemplateDerived = False |
| 16 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "Sheet2" |
| 2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
| 9 | Attribute VB_Name = "Sheet2" |
| 10 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
| 11 | Attribute VB_GlobalNameSpace = False |
| 12 | Attribute VB_Creatable = False |
| 13 | Attribute VB_PredeclaredId = True |
| 14 | Attribute VB_Exposed = True |
| 15 | Attribute VB_TemplateDerived = False |
| 16 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
| Line | Content |
|---|---|
| 1 | Attribute VB_Name = "ThisWorkbook" |
| 2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 3 | Attribute VB_GlobalNameSpace = False |
| 4 | Attribute VB_Creatable = False |
| 5 | Attribute VB_PredeclaredId = True |
| 6 | Attribute VB_Exposed = True |
| 7 | Attribute VB_TemplateDerived = False |
| 8 | Attribute VB_Customizable = True |
| 9 | Attribute VB_Name = "ThisWorkbook" |
| 10 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
| 11 | Attribute VB_GlobalNameSpace = False |
| 12 | Attribute VB_Creatable = False |
| 13 | Attribute VB_PredeclaredId = True |
| 14 | Attribute VB_Exposed = True |
| 15 | Attribute VB_TemplateDerived = False |
| 16 | Attribute VB_Customizable = True |