Edit tour
Windows
Analysis Report
NEW ORDER (PO. 2100002 (BT-INC).xls
Overview
General Information
| Sample name: | NEW ORDER (PO. 2100002 (BT-INC).xls |
| Analysis ID: | 1632082 |
| MD5: | 9ffa462b92f1fb904ae6705f54fc6129 |
| SHA1: | 6da0f0185cad99e38adcb38bd56b4b94cea8ac44 |
| SHA256: | 4c08c510f53a98dcf73add3754dd23547385940012c7d94d76e59aa1b3a6e76f |
| Tags: | CVE-2017-0199xlsuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 64 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6188 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 7500 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 7792 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\N EW ORDER ( PO. 210000 2 (BT-INC) .xls" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:35:37.178007+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49715 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:35:54.454499+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49718 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:35:54.539888+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49717 | 13.107.246.60 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Memory has grown: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD0036084A/\x1Ole' : | ||
| Source: | Stream path 'MBD0036084A/\x1Ole' : | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD00360849/Workbook' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Stream path 'MBD00360849/Workbook' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 42% | Virustotal | Browse | ||
| 45% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
| 100% | Avira | W97M/AVI.Agent.drypn |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | W97M/AVI.Agent.drypn |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| link.orai.io | 104.26.0.139 | true | false | high | |
| st3.pro | 5.161.200.29 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false |
| unknown | |
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false | |
| 5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false | |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1632082 |
| Start date and time: | 2025-03-07 19:33:21 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 59s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | NEW ORDER (PO. 2100002 (BT-INC).xls |
| Detection: | MAL |
| Classification: | mal64.winXLS@4/4@3/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, SgrmBroker.exe, conhost .exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 52.109.76.240, 52. 109.68.129, 23.60.203.209, 20. 189.173.23, 52.123.128.14, 40. 126.32.140 - Excluded domains from analysis
(whitelisted): ecs.office.com , self-events-data.trafficmana ger.net, fs.microsoft.com, pro d.configsvc1.live.com.akadns.n et, self.events.data.microsoft .com, osiprod-frc-buff-azsc-00 0.francecentral.cloudapp.azure .com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns .net, eur.roaming1.live.com.ak adns.net, fs-wildcard.microsof t.com.edgekey.net, fs-wildcard .microsoft.com.edgekey.net.glo balredir.akadns.net, roaming.o fficeapps.live.com, neu-azsc-c onfig.officeapps.live.com, dua l-s-0005-office.config.skype.c om, login.live.com, config.off iceapps.live.com, e16604.f.aka maiedge.net, frc-azsc-000.roam ing.officeapps.live.com, offic eclient.microsoft.com, ecs.off ice.trafficmanager.net, prod.f s.microsoft.com.akadns.net, on edscolprdwus16.westus.cloudapp .azure.com, c.pki.goog, europe .configsvc1.live.com.akadns.ne t - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 13:35:28 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.0.139 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 5.161.200.29 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 13.107.246.60 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0032.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| link.orai.io | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| st3.pro | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| HETZNER-ASDE | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1129984 |
| Entropy (8bit): | 7.979370711612353 |
| Encrypted: | false |
| SSDEEP: | 24576:z9eCubzzkbYmZ/TOkgwi2vhkEtAbfFUTxbW73EFeZ:RZKw0mNmwvkEtIFU9yoE |
| MD5: | 9FFA462B92F1FB904AE6705F54FC6129 |
| SHA1: | 6DA0F0185CAD99E38ADCB38BD56B4B94CEA8AC44 |
| SHA-256: | 4C08C510F53A98DCF73ADD3754DD23547385940012C7D94D76E59AA1B3A6E76F |
| SHA-512: | F2100C92555841B0499ABC016247126446C99A5D63997884B7EB1AD0376DBD24817D2F5521639810D726DCCFC0A9F89D40354A75DFE464FD0F92F1330AF3FA5F |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.979370711612353 |
| TrID: |
|
| File name: | NEW ORDER (PO. 2100002 (BT-INC).xls |
| File size: | 1'129'984 bytes |
| MD5: | 9ffa462b92f1fb904ae6705f54fc6129 |
| SHA1: | 6da0f0185cad99e38adcb38bd56b4b94cea8ac44 |
| SHA256: | 4c08c510f53a98dcf73add3754dd23547385940012c7d94d76e59aa1b3a6e76f |
| SHA512: | f2100c92555841b0499abc016247126446c99a5d63997884b7eb1ad0376dbd24817d2f5521639810d726dccfc0a9f89d40354a75dfe464fd0f92f1330af3fa5f |
| SSDEEP: | 24576:z9eCubzzkbYmZ/TOkgwi2vhkEtAbfFUTxbW73EFeZ:RZKw0mNmwvkEtIFU9yoE |
| TLSH: | 013523C4FD448F16D180B4B409E1D5AA6719FE18EA08895B3B44378EE038F76CE97F98 |
| File Content Preview: | ........................>...............................................................................................................o.......q.............................................................................................................. |
 | |
| Icon Hash: | 35ed8e920e8c81b5 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-06 07:23:13 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q z y . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 51 f7 7a 79 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 51 f7 17 d2 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . 4 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 51 f7 08 34 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 51 f7 08 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2820681057018666 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . h . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00360849/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD00360849/\x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 356 |
| Entropy: | 3.4189844832102483 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P r o f o r m a . . . . . H o j a 2 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . d . . . . . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 00 01 00 00 bc 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 |
General | |
| Stream Path: | MBD00360849/\x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 216 |
| Entropy: | 3.5987730370588222 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t M a c i n t o s h E x c e l . . . @ . . . . | . # . @ . . . . . b h . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a8 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 64 00 00 00 0c 00 00 00 88 00 00 00 0d 00 00 00 94 00 00 00 13 00 00 00 a0 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD00360849/Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 912898 |
| Entropy: | 7.998727408159767 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . v % . D . T . @ W . M , P . 8 . . K } ' . . P V . 5 . . . . . . . . . . . . \\ . p . T n . W . . / S g < . . u k _ | . L s e N . U N . B Q . ( 3 . M R @ % ` u . . d ^ q , . B 7 1 ? . i . 9 - , . e 8 x ? 1 B . . . " a . . . > . . . = . . . . U . . . . J 4 J 7 C . H . . . > . . . / . k B . . . . O . . . . . . . . . x T . . . n Q . . . q _ = . . . + . . . t . B N k @ . . . y . . . p " . . . . . . . . 3 . . . . . . . 1 . . . \\ . + . F > O ( w ) q . H |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 dd 1b 76 25 06 b2 44 10 54 03 40 a8 57 e1 92 bb 92 4d 2c 97 f5 db e6 dd 50 dc af aa f6 38 f0 05 12 4b 7d 27 00 c0 eb 83 1c 97 50 56 a5 0c 35 09 e1 00 02 00 b0 04 c1 00 02 00 03 da e2 00 00 00 5c 00 70 00 8f f5 d3 f6 e1 54 6e f5 10 57 0c 83 e1 d1 ce de 1d 2f 53 dd 67 eb 3c 89 95 b0 06 2e 75 6b |
General | |
| Stream Path: | MBD0036084A/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 864 |
| Entropy: | 5.4891071500356325 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . | . Z V P . . . . . . . . . . . . f . . . y . . . K . b . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . u . G . u . Z . G . D . ? . & . a . n . n . u . a . l . = . h . a . r . d . & . e . g . g . p . l . a . n . t . = . a . b . i . d . i . n . g . & . p . n . e . u . m . o . n . i . a . . . . t < \\ . . m s R T @ . % . > 3 . Y 3 j T . | 1 X | = v U G ; . j p / ) O . i . | . 9 U - R Q l ) = o . . . . y ^ x I % v c . h . n . z . 5 . $ C " . ] p V ( a @ . 8 . |
| Data Raw: | 01 00 00 02 ad 7c 12 5a e2 56 a9 50 00 00 00 00 00 00 00 00 00 00 00 00 66 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 62 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 6f 00 72 00 61 00 69 00 2e 00 69 00 6f 00 2f 00 75 00 47 00 75 00 5a 00 47 00 44 00 3f 00 26 00 61 00 6e 00 6e 00 75 00 61 00 6c 00 3d 00 68 00 61 00 72 00 64 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 191751 |
| Entropy: | 7.997150601507489 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . $ 8 K . 7 . C . { . . m r : M n P Y . . . . . . . = 6 . . . \\ . p . X . . . . W . * i F j . . t - . / w ] P S A ` . . S . ~ _ e X . Y s u 4 . ? r + 4 ~ . Y ' g . a * ~ [ . a t S : 6 a c | | o v . B . . . @ a . . . . | . . . = . . . V . j . . . . 3 f A . U E t _ . . . . . . . . . | . . . . A . . . . D [ . . . x . . . 8 = . . . . @ N n L " . . i b " @ . . . . . . . . " . . . O . . . . . . . . [ . . . . : 1 . . . 5 + . Q t . p / j v . . 1 } . | . 1 . . . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 24 38 f4 e7 bb 4b 9f 1a 37 14 43 a9 e3 b4 e2 aa 86 9f 7b c5 ba 1f c6 e8 e3 96 cc 6d c7 72 3a bb 4d c1 b2 6e eb 50 eb e4 88 ed 59 ab c6 d3 e6 8c e1 00 02 00 b0 04 c1 00 02 00 3d 36 e2 00 00 00 5c 00 70 00 58 1e ca be de 1a ce a6 57 83 14 2a 69 46 c5 6a 10 c8 85 97 ca 74 fc e9 2d 0e 2f 77 5d 50 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 525 |
| Entropy: | 5.273860607501653 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 2 7 4 D 1 8 B 5 - 1 A 9 B - 4 8 F D - A 5 2 6 - 9 A 9 3 E 5 D E 5 F C B } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 4 A 4 8 5 D E 9 1 7 E D 1 7 E D 1 |
| Data Raw: | 49 44 3d 22 7b 32 37 34 44 31 38 42 35 2d 31 41 39 42 2d 34 38 46 44 2d 41 35 32 36 2d 39 41 39 33 45 35 44 45 35 46 43 42 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9918633113426054 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.362061277144529 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . E i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 45 db e0 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-07T19:35:37.178007+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49715 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:35:54.454499+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49718 | 13.107.246.60 | 443 | TCP |
| 2025-03-07T19:35:54.539888+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49717 | 13.107.246.60 | 443 | TCP |
- Total Packets: 249
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:35:20.162580967 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:20.162626028 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:20.162707090 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:20.163016081 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:20.163031101 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:22.343590975 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:22.343658924 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:22.348316908 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:22.348330975 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:22.348555088 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:22.348599911 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:22.349062920 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:22.396316051 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.189979076 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.190126896 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:23.190149069 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.190210104 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:23.193846941 CET | 49712 | 443 | 192.168.2.11 | 104.26.0.139 |
| Mar 7, 2025 19:35:23.193876028 CET | 443 | 49712 | 104.26.0.139 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.207815886 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:23.207863092 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.207938910 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:23.208170891 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:23.208185911 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:25.425594091 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:25.425683022 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:25.430795908 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:25.430804968 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:25.431169033 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:25.431220055 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:25.431602955 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:25.476319075 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:26.276232004 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:26.276331902 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.276340961 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:26.276381969 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.286437988 CET | 49713 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.286465883 CET | 443 | 49713 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:26.289513111 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.289547920 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:26.289597034 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.289921045 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:26.289931059 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.175880909 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.176009893 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.176492929 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.176501036 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.176709890 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.176714897 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.785938978 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.786000013 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.786173105 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.786173105 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.786199093 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.786240101 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.786938906 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.786973953 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:28.786977053 CET | 443 | 49714 | 5.161.200.29 | 192.168.2.11 |
| Mar 7, 2025 19:35:28.787019968 CET | 49714 | 443 | 192.168.2.11 | 5.161.200.29 |
| Mar 7, 2025 19:35:34.617798090 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:34.617850065 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:34.618120909 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:34.618549109 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:34.618566990 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:37.177918911 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:37.178006887 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:37.179819107 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:37.179848909 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:37.180263996 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:37.181700945 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:37.224325895 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.458996058 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.459060907 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.459105968 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.459134102 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.459177971 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.459197998 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.459232092 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.548671961 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.548721075 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.548738003 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.548796892 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.548815012 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.548861027 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.752130032 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.752193928 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.752221107 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.752275944 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.752291918 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.752343893 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.859419107 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.859477997 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.859503031 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.859513998 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.859555006 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.859577894 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.940793991 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.940829039 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.940860987 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.940907955 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:38.940918922 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:38.940959930 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.041627884 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.041675091 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.041707039 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.041747093 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.041765928 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.041796923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.100929976 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.100969076 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.101013899 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.101052046 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.101072073 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.101095915 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.211958885 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.211997032 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.212060928 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.212090969 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.212109089 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.212131977 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.340832949 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.340863943 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.340960026 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.340960979 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.340996027 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.341238976 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.424868107 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.424902916 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.424959898 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.424983978 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.425010920 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.425066948 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.526087999 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.526125908 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.526207924 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.526230097 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.526252031 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.526402950 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.654313087 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.654378891 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.654490948 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.654490948 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.654520035 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.660974979 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.741074085 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.741134882 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.741166115 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.741178036 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.741200924 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.741333008 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.888463974 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.888518095 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.888559103 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.888581038 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:39.888607025 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:39.888917923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.020752907 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.020806074 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.020941973 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.020941973 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.020975113 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.023817062 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.109097958 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.109169006 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.109236956 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.109271049 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.109288931 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.109633923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.188481092 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.188534975 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.188618898 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.188690901 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.188740015 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.189065933 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.293814898 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.293869019 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.294064045 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.294064045 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.294137955 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.294229984 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.426024914 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.426090002 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.426251888 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.426253080 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.426327944 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.426383972 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.573221922 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.573256969 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.573307037 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.573333979 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.573359013 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.573374987 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.681082964 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.681119919 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.681184053 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.681205988 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.681226015 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.681382895 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.783910990 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.783960104 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.784037113 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.784070015 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.784089088 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.784116983 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.917149067 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.917182922 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.917236090 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.917263985 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:40.917294025 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:40.917316914 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.035213947 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.035279989 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.035346031 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.035372972 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.035394907 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.035418987 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.132415056 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.132466078 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.132626057 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.132654905 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.132707119 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.248687029 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.248745918 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.248776913 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.248804092 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.248821974 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.248842955 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.390794992 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.390852928 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.390919924 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.390995026 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.391032934 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.391305923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.543108940 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.543149948 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.543255091 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.543275118 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.543507099 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.624345064 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.624402046 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.624517918 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.624567986 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.624594927 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.624628067 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.748395920 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.748451948 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.748503923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.748532057 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.748560905 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.748581886 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.846621037 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.846698046 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.846848011 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.846848011 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.846920013 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.847047091 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.965022087 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.965070963 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.965229988 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.965229988 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:41.965276957 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:41.965606928 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.083283901 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.083352089 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.083548069 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.083548069 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.083620071 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.087116003 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.207005024 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.207065105 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.207140923 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.207212925 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.207251072 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.207330942 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.334358931 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.334422112 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.334542036 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.334575891 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.334624052 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.334762096 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.486030102 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.486098051 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.486205101 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.486275911 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.486315012 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.486352921 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.661385059 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.661451101 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.661478996 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.661516905 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.661545038 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.661545038 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.661597967 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.707632065 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.707684040 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.707719088 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.707767010 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.707794905 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.707815886 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.799917936 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.799969912 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.800159931 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.800190926 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.800250053 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.919795036 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.919850111 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.919887066 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.919907093 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:42.919939041 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:42.919960022 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.047970057 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.048018932 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.048103094 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.048135996 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.048160076 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.048180103 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.197165966 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.197220087 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.197256088 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.197298050 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.197326899 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.197348118 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.331846952 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.331898928 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.331942081 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.331999063 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.332035065 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.332058907 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.456695080 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.456748009 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.456933022 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.456978083 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.457127094 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.552217007 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.552273989 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.552469015 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.552500010 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.552683115 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.726419926 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.726469994 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.726521969 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.726572990 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.726598024 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.726761103 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.780631065 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.780683041 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.780797005 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.780797005 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.780818939 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.783413887 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.857407093 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.857458115 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.857533932 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.857568026 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.857593060 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.857755899 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.967833042 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.967883110 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.967936993 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.967978001 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:43.968005896 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:43.971577883 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.070893049 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.070955992 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.071064949 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.071104050 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.071264029 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.221075058 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.221132994 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.221219063 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.221266985 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.221297026 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.221437931 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.353990078 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.354048014 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.354147911 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.354192019 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.354221106 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.354242086 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.462212086 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.462259054 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.462460041 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.462495089 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.462555885 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.582768917 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.582787037 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.582979918 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.583008051 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.583069086 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.684860945 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.684879065 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.684937000 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.684969902 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.684997082 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.685017109 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.803695917 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.803714991 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.803817987 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.803838015 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.803894997 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.929063082 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.929080963 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.929210901 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:44.929240942 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:44.929291964 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.033652067 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.033673048 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.033763885 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.033782959 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.033833981 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.172219038 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.172243118 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.172372103 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.172410965 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.172471046 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.335756063 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.335777998 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.335854053 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.335890055 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.335949898 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.392524958 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.392544985 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.392611027 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.392628908 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.392688990 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.521927118 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.521950006 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.522048950 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.522119045 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.522231102 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.632215977 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.632234097 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.632455111 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.632500887 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.632725000 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.837127924 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.837148905 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.837239027 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.837287903 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.837317944 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.837352037 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.943525076 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.943547010 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.943660975 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:45.943687916 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:45.945086956 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.025238991 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.025306940 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.025341034 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.025361061 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.025391102 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.025860071 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.107952118 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.107988119 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.108031034 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.108059883 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.108086109 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.108108997 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.236985922 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.237023115 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.237097025 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.237169027 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.237215042 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.239193916 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.240807056 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.240902901 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.240962029 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.241002083 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.241024017 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:46.241036892 CET | 49715 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:46.241044044 CET | 443 | 49715 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:51.937679052 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.937742949 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:51.937901020 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.938075066 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.938086033 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:51.938426971 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.938488960 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:51.939460993 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.939634085 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:51.939649105 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.453819990 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.454499006 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:54.454525948 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.455403090 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:54.455406904 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.539194107 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.539887905 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:54.539916039 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:54.540734053 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:54.540752888 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.268963099 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.280255079 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.280322075 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.280376911 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.280394077 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.280402899 CET | 49718 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.280410051 CET | 443 | 49718 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.478938103 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.478981972 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.479038000 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.479055882 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.479077101 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.479125977 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.479386091 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.479403019 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Mar 7, 2025 19:35:55.479412079 CET | 49717 | 443 | 192.168.2.11 | 13.107.246.60 |
| Mar 7, 2025 19:35:55.479418039 CET | 443 | 49717 | 13.107.246.60 | 192.168.2.11 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 7, 2025 19:35:20.049371004 CET | 57418 | 53 | 192.168.2.11 | 1.1.1.1 |
| Mar 7, 2025 19:35:20.060404062 CET | 53 | 57418 | 1.1.1.1 | 192.168.2.11 |
| Mar 7, 2025 19:35:23.195703983 CET | 58506 | 53 | 192.168.2.11 | 1.1.1.1 |
| Mar 7, 2025 19:35:23.206913948 CET | 53 | 58506 | 1.1.1.1 | 192.168.2.11 |
| Mar 7, 2025 19:35:34.609061956 CET | 61963 | 53 | 192.168.2.11 | 1.1.1.1 |
| Mar 7, 2025 19:35:34.616868973 CET | 53 | 61963 | 1.1.1.1 | 192.168.2.11 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:35:20.049371004 CET | 192.168.2.11 | 1.1.1.1 | 0x1adf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:35:23.195703983 CET | 192.168.2.11 | 1.1.1.1 | 0x2738 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 7, 2025 19:35:34.609061956 CET | 192.168.2.11 | 1.1.1.1 | 0x8e83 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 7, 2025 19:34:32.737284899 CET | 1.1.1.1 | 192.168.2.11 | 0x9b7f | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:34:32.737284899 CET | 1.1.1.1 | 192.168.2.11 | 0x9b7f | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:34:32.737284899 CET | 1.1.1.1 | 192.168.2.11 | 0x9b7f | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:20.060404062 CET | 1.1.1.1 | 192.168.2.11 | 0x1adf | No error (0) | 104.26.0.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:20.060404062 CET | 1.1.1.1 | 192.168.2.11 | 0x1adf | No error (0) | 104.26.1.139 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:20.060404062 CET | 1.1.1.1 | 192.168.2.11 | 0x1adf | No error (0) | 172.67.68.60 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:23.206913948 CET | 1.1.1.1 | 192.168.2.11 | 0x2738 | No error (0) | 5.161.200.29 | A (IP address) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:34.616868973 CET | 1.1.1.1 | 192.168.2.11 | 0x8e83 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:34.616868973 CET | 1.1.1.1 | 192.168.2.11 | 0x8e83 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:34.616868973 CET | 1.1.1.1 | 192.168.2.11 | 0x8e83 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:34.616868973 CET | 1.1.1.1 | 192.168.2.11 | 0x8e83 | No error (0) | s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 7, 2025 19:35:34.616868973 CET | 1.1.1.1 | 192.168.2.11 | 0x8e83 | No error (0) | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.11 | 49712 | 104.26.0.139 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:22 UTC | 236 | OUT | |
| 2025-03-07 18:35:23 UTC | 1040 | IN | |
| 2025-03-07 18:35:23 UTC | 45 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.11 | 49713 | 5.161.200.29 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:25 UTC | 192 | OUT | |
| 2025-03-07 18:35:26 UTC | 397 | IN | |
| 2025-03-07 18:35:26 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.11 | 49714 | 5.161.200.29 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:28 UTC | 188 | OUT | |
| 2025-03-07 18:35:28 UTC | 454 | IN | |
| 2025-03-07 18:35:28 UTC | 2372 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.11 | 49715 | 13.107.246.60 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:37 UTC | 226 | OUT | |
| 2025-03-07 18:35:38 UTC | 493 | IN | |
| 2025-03-07 18:35:38 UTC | 15891 | IN | |
| 2025-03-07 18:35:38 UTC | 16384 | IN | |
| 2025-03-07 18:35:38 UTC | 16384 | IN | |
| 2025-03-07 18:35:38 UTC | 16384 | IN | |
| 2025-03-07 18:35:38 UTC | 16384 | IN | |
| 2025-03-07 18:35:39 UTC | 16384 | IN | |
| 2025-03-07 18:35:39 UTC | 16384 | IN | |
| 2025-03-07 18:35:39 UTC | 16384 | IN | |
| 2025-03-07 18:35:39 UTC | 16384 | IN | |
| 2025-03-07 18:35:39 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.11 | 49718 | 13.107.246.60 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:54 UTC | 214 | OUT | |
| 2025-03-07 18:35:55 UTC | 491 | IN | |
| 2025-03-07 18:35:55 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.11 | 49717 | 13.107.246.60 | 443 | 6188 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-07 18:35:54 UTC | 214 | OUT | |
| 2025-03-07 18:35:55 UTC | 515 | IN | |
| 2025-03-07 18:35:55 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 13:34:25 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8b0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 10 |
| Start time: | 13:35:28 |
| Start date: | 07/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7efdb0000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 13:35:45 |
| Start date: | 07/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8b0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
⊘No disassembly
