Edit tour
Windows
Analysis Report
Purchase Order.xla.xlsx
Overview
General Information
| Sample name: | Purchase Order.xla.xlsx |
| Analysis ID: | 1632080 |
| MD5: | dad37e3090b45447788f8175d0d25a67 |
| SHA1: | be59341ac2a206ddc30a67bdb8951a792a690b96 |
| SHA256: | fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53 |
| Tags: | CVE-2017-0199xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 7148 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 4468 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 3652 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P urchase Or der.xla.xl sx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:32:48.580774+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:56.829202+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:56.874999+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD0026E067/\x1Ole' : | ||
| Source: | Stream path 'MBD0026E067/\x1Ole' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD0026E066/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'Package' entropy: | ||
| Source: | Stream path 'MBD0026E066/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 43% | Virustotal | Browse | ||
| 37% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.nvusu |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| link.orai.io | 104.26.0.139 | true | false | high | |
| st3.pro | 5.161.200.29 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false | |
| 5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1632080 |
| Start date and time: | 2025-03-07 19:30:20 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 29s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Purchase Order.xla.xlsx |
| Detection: | MAL |
| Classification: | mal60.winXLSX@4/9@3/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, conhost.exe, svchost.ex e - Excluded IPs from analysis (wh
itelisted): 52.109.76.240, 23. 60.203.209, 52.109.28.47, 20.1 89.173.24, 52.109.32.97, 20.42 .72.131, 52.123.129.14, 20.190 .159.130 - Excluded domains from analysis
(whitelisted): fs-wildcard.mi crosoft.com.edgekey.net, fs-wi ldcard.microsoft.com.edgekey.n et.globalredir.akadns.net, eur .roaming1.live.com.akadns.net, mobile.events.data.microsoft. com, roaming.officeapps.live.c om, dual-s-0005-office.config. skype.com, login.live.com, off iceclient.microsoft.com, prod. fs.microsoft.com.akadns.net, u kw-azsc-config.officeapps.live .com, c.pki.goog, ecs.office.c om, self-events-data.trafficma nager.net, fs.microsoft.com, p rod.configsvc1.live.com.akadns .net, self.events.data.microso ft.com, ctldl.windowsupdate.co m, prod.roaming1.live.com.akad ns.net, osiprod-uks-buff-azsc- 000.uksouth.cloudapp.azure.com , neu-azsc-config.officeapps.l ive.com, uks-azsc-000.roaming. officeapps.live.com, config.of ficeapps.live.com, e16604.f.ak amaiedge.net, onedscolprdeus00 .eastus.cloudapp.azure.com, on edscolprdwus23.westus.cloudapp .azure.com, ecs.office.traffic manager.net, europe.configsvc1 .live.com.akadns.net, mobile.e vents.data.trafficmanager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:32:40 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.0.139 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| link.orai.io | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| st3.pro | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1056768 |
| Entropy (8bit): | 7.965377006992582 |
| Encrypted: | false |
| SSDEEP: | 24576:zuCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:sq4bcLY+zg |
| MD5: | 5159CB0F8AE2538FEB7A535169339A88 |
| SHA1: | D51A02FDD2D7EDEC2D73A853ED42A339814D29FF |
| SHA-256: | B3E7FA8416E2F6E8B5019DEE679195325B499C26944173E25A61FE99827AB0C8 |
| SHA-512: | 090EFA712CF9D323BD222AAB9433DCD3BAD2A508AAA455102EB48C5BC05121B3DF1CC4F73406B4511CF9D1D68B2AC2614A93BFF33C57A4300EB82AB04BACE2F9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1077248 |
| Entropy (8bit): | 7.937097366046363 |
| Encrypted: | false |
| SSDEEP: | 24576:guCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:/q4bcLY+zg |
| MD5: | AA4B54FA8A957960AC89E49DF93B551D |
| SHA1: | 4FC8E436DD1AD37D5A139BD0E716389A6144E58E |
| SHA-256: | FA3AE06A6F6D3CF594140B7EDC4B44B9C9F55FC8A5107A520C15EE16CAB879AF |
| SHA-512: | 17BBC892AB556A8ABA425D070EB08021F761C9B5B0FA18820711C6ABE53E8F0ED1E4DCAC3AC850C864F5BD0A93B1547D5537D02A358EE744BF9FCD3BDBD2CFFC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1343488 |
| Entropy (8bit): | 7.989247598537048 |
| Encrypted: | false |
| SSDEEP: | 24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA |
| MD5: | 8AB286D4DD1C170892739E3102A958D5 |
| SHA1: | D70138FD1E50918D6E68E9693EB74CB6FD8716DA |
| SHA-256: | 6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B |
| SHA-512: | 40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1343488 |
| Entropy (8bit): | 7.989247598537048 |
| Encrypted: | false |
| SSDEEP: | 24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA |
| MD5: | 8AB286D4DD1C170892739E3102A958D5 |
| SHA1: | D70138FD1E50918D6E68E9693EB74CB6FD8716DA |
| SHA-256: | 6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B |
| SHA-512: | 40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.610853976637159 |
| Encrypted: | false |
| SSDEEP: | 3:iXFQLjLlAWFd:97 |
| MD5: | CA2C2DB316A89F044206082EEB3A366E |
| SHA1: | B1B7DFF94B991B26093AA29BF3793DDE245412E1 |
| SHA-256: | 12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7 |
| SHA-512: | 66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.980127087808385 |
| TrID: |
|
| File name: | Purchase Order.xla.xlsx |
| File size: | 1'231'360 bytes |
| MD5: | dad37e3090b45447788f8175d0d25a67 |
| SHA1: | be59341ac2a206ddc30a67bdb8951a792a690b96 |
| SHA256: | fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53 |
| SHA512: | 7780cef11801ccad2ab86ef47bb2b5d7f48268935a75c36d2fd6dc1e3e08b8fa0fc2a504e5ebe63971bdd73210ed5e54ed6a32f0b6b045f266968be21ad1817c |
| SSDEEP: | 24576:xJIwgbtTgdAnIOXR8YhbBWvdp8tLUWBMDcPrhU3Vjo+nQFSMCxpVGWT:xzgZTcM8YkpwLUwhyo+nKSfzVGWT |
| TLSH: | 534523E4ED947E02CF4B867A5B4AD41E9427FE4E3349900B3134775A063BA7C46F6A0E |
| File Content Preview: | ........................>...............................................................................................................y.......{.............................................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-06 02:58:22 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c da a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c f9 12 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 9c 8a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 c7 8c 95 85 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.226575879994164 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . C . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD0026E066/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0026E066/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 919251 |
| Entropy: | 7.992716595778883 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 d5 68 cd d7 f9 01 00 00 da 08 00 00 13 00 c4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD0026E067/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 984 |
| Entropy: | 5.527672040042076 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . o . 0 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . b . D . t . O . t . A . ? . & . d . i . s . a . s . t . e . r . = . v . o . l . a . t . i . l . e . & . c . h . i . p . m . u . n . k . = . d . i . z . z . y . & . a . l . a . r . m . = . o . b . s . e . r . v . a . n . t . & . t . u . t . u . . . 7 C P . . H . ? . Y . 4 u ? K . D 0 . . n 2 . b [ 2 . K , O . > a a % A . Y P j . @ . g n < . r " K \\ . * ( * . B . |
| Data Raw: | 01 00 00 02 83 9a f6 6f da 0f ac 30 00 00 00 00 00 00 00 00 00 00 00 00 9e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 9a 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 6f 00 72 00 61 00 69 00 2e 00 69 00 6f 00 2f 00 62 00 44 00 74 00 4f 00 74 00 41 00 3f 00 26 00 64 00 69 00 73 00 61 00 73 00 74 00 65 00 72 00 3d 00 76 00 6f 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 287688 |
| Entropy: | 7.998293666295266 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . n A @ . l O 6 o 4 Q * . 1 G y K i T J ( ( Z . . . . . . . . . . . . . . . \\ . p . . 1 . 2 . T . 1 . . k ; ] t . f a . . f , > . m " . ) . z . k + ? ~ ) 6 o . K p . . . b H t O } . . O D + . K B . ; b P B . . . E a . . . j & . . . = . . . . u b T & . . . J ~ % y . . q + . . . : . . . . . . . . . . . . u . . . n . . . K . = . . . . E _ x ; q ) . . @ . . . . . . . . . " . . . ? s . . . . } . . . k . . . $ 1 . . . . + \\ . \\ A 1 { 1 . ; n 2 % D ( 1 . . . 6 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 e9 e7 0e ff 9c dd 6e 41 40 ae d1 a1 6c 4f 36 6f bc e1 34 b6 c5 f6 f4 51 2a 08 8d 31 47 79 4b 69 fc 54 ca 4a a0 ce 28 cd 28 8b 9e b1 b4 5a d9 8c 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 fa 00 e2 00 00 00 5c 00 70 00 06 a7 f3 31 0d 32 96 03 54 c3 db c4 b5 fb 31 1e a1 b1 07 6b 3b 5d f2 74 9d 85 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 525 |
| Entropy: | 5.212796843587302 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { D B 7 8 F 5 A A - 8 A 4 6 - 4 8 A C - 8 0 7 2 - 6 D 5 1 E 0 9 5 E 4 2 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 7 2 5 C 6 C 4 4 A 4 4 0 8 4 8 0 |
| Data Raw: | 49 44 3d 22 7b 44 42 37 38 46 35 41 41 2d 38 41 34 36 2d 34 38 41 43 2d 38 30 37 32 2d 36 44 35 31 45 30 39 35 45 34 32 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.997077137692501 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.3912088754515315 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . u i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 75 9d e0 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:32:48.580774+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:56.829202+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:32:56.874999+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP |
- Total Packets: 229
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:32:30.582293987 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:30.582335949 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:30.582406044 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:30.585167885 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:30.585189104 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:32.654055119 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:32.654200077 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:32.659343004 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:32.659363985 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:32.659631968 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:32.659799099 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:32.660221100 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:32.704339027 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.364924908 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.365010023 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.365041971 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:33.365077019 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:33.371001959 CET | 49695 | 443 | 192.168.2.6 | 104.26.0.139 |
| Mar 7, 2025 19:32:33.371031046 CET | 443 | 49695 | 104.26.0.139 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.393745899 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.393794060 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.393865108 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.394176006 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:33.394192934 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:35.549537897 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:35.549736023 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.554924965 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.554945946 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:35.555190086 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:35.555247068 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.555908918 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:35.600325108 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:36.159265995 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:36.159358978 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:36.159388065 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.159406900 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.168463945 CET | 49696 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.168482065 CET | 443 | 49696 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:36.169502020 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.169545889 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:36.169622898 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.169883966 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:36.169899940 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:38.664824963 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:38.665016890 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:38.666026115 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:38.666042089 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:38.666397095 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:38.666405916 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:39.188796997 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:39.189102888 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:39.190212011 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:39.190285921 CET | 443 | 49697 | 5.161.200.29 | 192.168.2.6 |
| Mar 7, 2025 19:32:39.190387964 CET | 49697 | 443 | 192.168.2.6 | 5.161.200.29 |
| Mar 7, 2025 19:32:44.741841078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:44.741899967 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:44.742044926 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:44.742554903 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:44.742571115 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:48.580656052 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:48.580774069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.582995892 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.583015919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:48.583292961 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:48.585088968 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:48.628320932 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.197467089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.197552919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.197597027 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.197652102 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.197712898 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.197746038 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.197771072 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.275003910 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.275059938 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.275099993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.275135040 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.275165081 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.275187016 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.321484089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.321532011 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.321578026 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.321609020 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.321645021 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.321666956 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.368057013 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.368175030 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.368180990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.368210077 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.368257046 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.368284941 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.411374092 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.411432028 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.411499023 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.411513090 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.411576033 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.459634066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.459667921 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.459729910 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.459747076 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.459793091 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.459817886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.499491930 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.499517918 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.499577045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.499603033 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.499633074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.499644995 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.535857916 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.535880089 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.535938978 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.535952091 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.535996914 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.536021948 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.556791067 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.556824923 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.556888103 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.556899071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.556937933 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.556948900 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.575454950 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.575476885 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.575648069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.575660944 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.575822115 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.597084045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.597162008 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.597204924 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.597212076 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.597261906 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.597275019 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.622551918 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.622598886 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.622646093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.622652054 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.622684956 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.622711897 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.648988962 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.649008989 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.649091959 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.649105072 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.649151087 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.663417101 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.663459063 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.663516045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.663522005 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.663544893 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.663633108 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.676944971 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.676986933 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.677046061 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.677062988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.677078009 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.677149057 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.696347952 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.696372032 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.696438074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.696454048 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.696469069 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.696495056 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.732765913 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.732784033 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.732853889 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.732868910 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.732914925 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.762032986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.762104034 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.762114048 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.762130022 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.762152910 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.762175083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.792354107 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.792406082 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.792452097 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.792463064 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.792491913 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.792515993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.830184937 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.830230951 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.830279112 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.830286026 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.830327034 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.830349922 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.832401037 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.832461119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.832479954 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.832487106 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.832525015 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.832535028 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.834883928 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.834927082 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.834964037 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.834969997 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.835007906 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.835026026 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.836636066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.836683989 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.836726904 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.836733103 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.836771011 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.836867094 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.841511965 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.841552019 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.841597080 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.841630936 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.841643095 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.841689110 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.865051985 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.865094900 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.865122080 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.865128994 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.865149021 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.865252972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.887991905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.888036013 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.888086081 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.888092041 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.888124943 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.888153076 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.903465986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.903507948 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.903572083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.903578997 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.903615952 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.903639078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.915416956 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.915473938 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.915505886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.915512085 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.915553093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.919544935 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.919615984 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.919677973 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.919684887 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.919707060 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.919727087 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.926697016 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.926740885 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.926826954 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.926837921 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.926938057 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.936542988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.936584949 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.936655045 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.936661005 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.936709881 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.951474905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.951523066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.951560020 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.951566935 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.951632977 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.968331099 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.968346119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.968415976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.968435049 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.968477964 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.986605883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.986619949 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.986712933 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:49.986743927 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:49.986845970 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.002871990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.002886057 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.002958059 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.002964973 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.003002882 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.009439945 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.009497881 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.009533882 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.009541035 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.009594917 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.015202999 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.015247107 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.015284061 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.015290022 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.015341997 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.022870064 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.022914886 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.022953033 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.022989035 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.023008108 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.023396015 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.031337023 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.031378984 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.031408072 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.031416893 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.031455994 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.031476974 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.045892000 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.045922041 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.045969009 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.045991898 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.046010017 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.046036959 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.063396931 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.063412905 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.063483953 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.063492060 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.063544989 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.093502045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.093523026 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.093591928 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.093609095 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.093650103 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.119930029 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.119951010 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.120001078 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.120009899 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.120045900 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.120085001 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.131226063 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.131248951 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.131462097 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.131478071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.131531000 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.136835098 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.136857986 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.136917114 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.136924982 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.136964083 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.146584034 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.146605968 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.146646976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.146656990 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.146703005 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.159174919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.159193993 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.159255981 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.159264088 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.159321070 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.178436995 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.178459883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.178524971 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.178539991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.178567886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.178587914 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.205168962 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.205199003 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.205252886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.205264091 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.205316067 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.263652086 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.263669968 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.263812065 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.263825893 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.263889074 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.327124119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.327141047 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.327244997 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.327255011 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.327318907 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.350719929 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.350743055 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.350795984 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.350805044 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.350852966 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.364130020 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.364150047 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.364204884 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.364213943 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.364276886 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.382591963 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.382637978 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.382679939 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.382703066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.382725000 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.382745981 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.409749985 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.409768105 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.409838915 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.409848928 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.409889936 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.439655066 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.439671040 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.439737082 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.439764977 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.439778090 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.439805031 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.461570024 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.461589098 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.461648941 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.461674929 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.461726904 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.513726950 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.513747931 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.513813972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.513819933 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.513871908 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.571643114 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.571693897 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.571753979 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.571775913 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.571790934 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.571818113 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.585036039 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.585127115 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.585134029 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.585175991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.585196972 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.585314989 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.590572119 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.590595007 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.590661049 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.590667963 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.590718031 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.600963116 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.600984097 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.601047993 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.601053953 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.601272106 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.612685919 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.612709045 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.612792969 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.612799883 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.612994909 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.624425888 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.624445915 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.624525070 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.624530077 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.624667883 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.635632038 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.635653973 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.635726929 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.635749102 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.637559891 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.667654991 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.667675972 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.667733908 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.667761087 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.667783976 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.667802095 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.711237907 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.711260080 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.711325884 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.711349010 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.711370945 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.711386919 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720472097 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720488071 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720518112 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720550060 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720566988 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720588923 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720588923 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720633030 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720899105 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720915079 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:50.720925093 CET | 49698 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:50.720930099 CET | 443 | 49698 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:54.238257885 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238260984 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238320112 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:54.238322020 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:54.238420010 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238684893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238686085 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238684893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:54.238708019 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:54.238724947 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.828088045 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.829201937 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.829235077 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.830249071 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.830255032 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.874408007 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.874999046 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.875030994 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:56.875875950 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:56.875883102 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.688445091 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.688524008 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.688649893 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.690026045 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.690047026 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.690057039 CET | 49700 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.690063000 CET | 443 | 49700 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.693526983 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.693557978 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.693629980 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.693635941 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.693679094 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.693830967 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.693852901 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Mar 7, 2025 19:32:57.693866014 CET | 49699 | 443 | 192.168.2.6 | 13.107.246.60 |
| Mar 7, 2025 19:32:57.693872929 CET | 443 | 49699 | 13.107.246.60 | 192.168.2.6 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:32:30.570559978 CET | 56766 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 7, 2025 19:32:30.581379890 CET | 53 | 56766 | 1.1.1.1 | 192.168.2.6 |
| Mar 7, 2025 19:32:33.374598980 CET | 62444 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 7, 2025 19:32:33.387696028 CET | 53 | 62444 | 1.1.1.1 | 192.168.2.6 |
| Mar 7, 2025 19:32:44.695858002 CET | 52254 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 7, 2025 19:32:44.704216957 CET | 53 | 52254 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:32:30.570559978 CET | 192.168.2.6 | 1.1.1.1 | 0x6911 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:32:33.374598980 CET | 192.168.2.6 | 1.1.1.1 | 0xf234 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:32:44.695858002 CET | 192.168.2.6 | 1.1.1.1 | 0xfdce | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 104.26.0.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 172.67.68.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | 104.26.1.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:33.387696028 CET | 1.1.1.1 | 192.168.2.6 | 0xf234 | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49695 | 104.26.0.139 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:32 UTC | 251 | OUT | |
| 2025-03-07 18:32:33 UTC | 1050 | IN | |
| 2025-03-07 18:32:33 UTC | 45 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49696 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:35 UTC | 192 | OUT | |
| 2025-03-07 18:32:36 UTC | 397 | IN | |
| 2025-03-07 18:32:36 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.6 | 49697 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:38 UTC | 188 | OUT | |
| 2025-03-07 18:32:39 UTC | 454 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:48 UTC | 226 | OUT | |
| 2025-03-07 18:32:49 UTC | 493 | IN | |
| 2025-03-07 18:32:49 UTC | 15891 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN | |
| 2025-03-07 18:32:49 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:56 UTC | 214 | OUT | |
| 2025-03-07 18:32:57 UTC | 470 | IN | |
| 2025-03-07 18:32:57 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:32:56 UTC | 214 | OUT | |
| 2025-03-07 18:32:57 UTC | 515 | IN | |
| 2025-03-07 18:32:57 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:31:34 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xde0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 6 |
| Start time: | 13:32:40 |
| Start date: | 07/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b41c0000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 9 |
| Start time: | 13:33:02 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xde0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
