Edit tour
Windows
Analysis Report
PURCHASE ORDER 5172025.xla.xlsx
Overview
General Information
| Sample name: | PURCHASE ORDER 5172025.xla.xlsx |
| Analysis ID: | 1648272 |
| MD5: | 42ad657229b182e1e3d922663fcd6fb5 |
| SHA1: | 512fd99e3b8aa2625e9fb3ac2dd4a6e7c2fff996 |
| SHA256: | fccb42f6351784b5530b26c97ef1d2011637ca62273324ff22d9e35657741dc7 |
| Tags: | xlaxlsxuser-abuse_ch |
| Infos: |  |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Classification
- System is w10x64
EXCEL.EXE (PID: 6856 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
splwow64.exe (PID: 916 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 1920 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P URCHASE OR DER 517202 5.xla.xlsx " MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-25T17:57:53.261037+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:07.172894+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:08.727648+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49703 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:08.730797+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49704 | 13.107.246.72 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path 'MBD009B3F21/\x1Ole' : | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Stream path 'MBD009B3F20/Package' entropy: | ||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 31% | Virustotal | Browse | ||
| 31% | ReversingLabs | Win32.Exploit.CVE-2017-0199 |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| host1.emobility.energy | 162.19.137.157 | true | false | high | |
| s-part-0044.t-0009.t-msedge.net | 13.107.246.72 | true | false | high | |
| s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
| otelrules.svc.static.microsoft | unknown | unknown | false | high | |
| t.emobility.energy | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.246.72 | s-part-0044.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 162.19.137.157 | host1.emobility.energy | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1648272 |
| Start date and time: | 2025-03-25 17:55:32 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 10s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Without Instrumentation |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | PURCHASE ORDER 5172025.xla.xlsx |
| Detection: | MAL |
| Classification: | mal48.winXLSX@4/4@2/2 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 52.109.20.38, 52.1 09.6.63, 184.31.69.3, 199.232. 214.172, 20.189.173.1, 20.189. 173.10, 52.123.129.14, 52.149. 20.212, 20.190.144.162 - Excluded domains from analysis
(whitelisted): onedscolprdwus 00.westus.cloudapp.azure.com, slscr.update.microsoft.com, sc us-azsc-config.officeapps.live .com, eus2-azsc-000.roaming.of ficeapps.live.com, fs-wildcard .microsoft.com.edgekey.net, fs -wildcard.microsoft.com.edgeke y.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, os iprod-eus2-buff-azsc-000.eastu s2.cloudapp.azure.com, mobile. events.data.microsoft.com, roa ming.officeapps.live.com, dual -s-0005-office.config.skype.co m, login.live.com, officeclien t.microsoft.com, prod.fs.micro soft.com.akadns.net, c.pki.goo g, wu-b-net.trafficmanager.net , ecs.office.com, self-events- data.trafficmanager.net, fs.mi crosoft.com, ctldl.windowsupda te.com.delivery.microsoft.com, prod.configsvc1.live.com.akad ns.net, self.events.data.micro soft.com, ctldl.windowsupdate. com, prod.roaming1.live.com.ak adns.net, fe3cr.delivery.mp.mi crosoft.com, us1.roaming1.live .com.akadns.net, config.office apps.live.com, us.configsvc1.l ive.com.akadns.net, onedscolpr dwus09.westus.cloudapp.azure.c om, - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 12:57:47 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 13.107.246.72 | Get hash | malicious | HTMLPhisher | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | XRed | Browse | |||
| Get hash | malicious | Quasar | Browse | |||
| 162.19.137.157 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, Lokibot | Browse |
| ||
| host1.emobility.energy | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| s-part-0044.t-0009.t-msedge.net | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, Lokibot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CENTURYLINK-US-LEGACY-QWESTUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Okiru | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Gafgyt, Okiru | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | DarkVision Rat | Browse |
|
⊘No context
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 784 |
| Entropy (8bit): | 2.7137690747287806 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV |
| MD5: | 09F73B3902CD3D88E04312787956B654 |
| SHA1: | A6C275F1A65DB02D8A752C614C27E88326447C41 |
| SHA-256: | 72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26 |
| SHA-512: | 6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.7769794087092887 |
| Encrypted: | false |
| SSDEEP: | 3:iXKG/4N+RMlW8td:iXlMlW8/ |
| MD5: | 37BD8218D560948827D3B948CAFA579C |
| SHA1: | 24347FB0A66F2DA8AD3BAB818E3C24977104E5DA |
| SHA-256: | 189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6 |
| SHA-512: | A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.986081681596128 |
| TrID: |
|
| File name: | PURCHASE ORDER 5172025.xla.xlsx |
| File size: | 1'454'592 bytes |
| MD5: | 42ad657229b182e1e3d922663fcd6fb5 |
| SHA1: | 512fd99e3b8aa2625e9fb3ac2dd4a6e7c2fff996 |
| SHA256: | fccb42f6351784b5530b26c97ef1d2011637ca62273324ff22d9e35657741dc7 |
| SHA512: | f3d481f9acc3e5c6ca99245addc7f2d97eef3c7984536daf239220b8dd892215b220811613f8f9440f18b2e38f5afc8f2679b567fba2524bd9b1c4e558d72762 |
| SSDEEP: | 24576:OVxQ0LlWyd9Wq+ku+k0mkHeongDxUmPAeUKRq+RO5u8MP28QydFq6T/lokScRe:OVW080QfkuMrHWxbAZKRq+RZ8A28Qg/B |
| TLSH: | B8652341FC15BB4AD9D92436A6F2F82A0354DDD2BA14C5237356B32F72BBBB06183724 |
| File Content Preview: | ........................>.......................................................................................................................................}.............................................................................................. |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16 00:00:00 |
| Last Saved Time: | 2025-03-25 07:09:34 |
| Creating Application: | |
| Security: | 1 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | False |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 93 36 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I - . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 49 2d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 15 02 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . f . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 66 f5 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2503503175049815 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . T . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD009B3F20/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD009B3F20/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 1295689 |
| Entropy: | 7.996701301127075 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD009B3F21/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 788 |
| Entropy: | 5.291239637953238 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . d . ] . . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . t . . . e . m . o . b . i . l . i . t . y . . . e . n . e . r . g . y . / . x . R . f . B . G . K . ? . & . d . e . s . i . g . n . e . r . = . g . l . o . s . s . y . . . . u . f . { i P . F L c # # . I + . . " . K ~ Q $ X . 3 . " ` T , . l j D < / | . 9 . . / B { m h . w n I . | y ; _ l o s 0 # . 5 K 8 @ G { u z . ? ; o F . D W / . u . . . . . . . . . . . . . . . . . . . . . T . H . 9 . 2 . J . Z . O . |
| Data Raw: | 01 00 00 02 1b 9b 05 64 00 5d 8e 13 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 04 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 74 00 2e 00 65 00 6d 00 6f 00 62 00 69 00 6c 00 69 00 74 00 79 00 2e 00 65 00 6e 00 65 00 72 00 67 00 79 00 2f 00 78 00 52 00 66 00 42 00 47 00 4b 00 3f 00 26 00 64 00 65 00 73 00 69 00 67 00 |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 133075 |
| Entropy: | 7.994877466987564 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . u S q . + B # h | b d . . e . ] . U < ; . j ^ j U P ! ' D . . . . . . . . . . { d . . . \\ . p . j . Q t ] $ [ . , . . / ] 3 . I 3 . . 2 . . , o . . + . t ! . ) } E . . . Z . * | # o I P . . V y . y & w 2 . t . B . . . a . . . H . . . = . . . M . . . . . | N . @ B | Z . . . N . . . . k . . . . k . . . . . . . . ^ + . . . = . . . ; . . . i & . 8 e 7 Y @ . . . . . . . 2 " . . . b ` . . . . . . . . . . . . H 1 . . . L . P . ) L a ? H . * i L N . 1 . . . H 2 |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 fc eb df 75 53 e7 71 1d 2b fb 42 23 68 7c 62 64 c1 ce 83 dd b2 65 1d ba 5d 17 c8 55 3c b4 3b 8b db 88 ec 6a b5 5e 6a 55 c4 50 f3 21 27 ac 44 9a 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 7b 64 e2 00 00 00 5c 00 70 00 9e 6a 7f 51 74 5d 24 5b e0 ed 02 bb 8e a2 84 2c 93 bf d6 83 ed ce 0c 2f 5d 33 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 527 |
| Entropy: | 5.205840445289228 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 4 7 6 4 C 5 0 8 - 1 3 C 1 - 4 3 F B - B 9 8 5 - 6 4 9 3 3 0 3 1 E 4 2 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 7 9 7 B F 7 0 D F B 0 D F B 0 D F |
| Data Raw: | 49 44 3d 22 7b 34 37 36 34 43 35 30 38 2d 31 33 43 31 2d 34 33 46 42 2d 42 39 38 35 2d 36 34 39 33 33 30 33 31 45 34 32 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.9822715768237 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.3606301584537785 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E . |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 f5 e3 f9 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-25T17:57:53.261037+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:07.172894+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:08.727648+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49703 | 13.107.246.72 | 443 | TCP |
| 2025-03-25T17:58:08.730797+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49704 | 13.107.246.72 | 443 | TCP |
- Total Packets: 426
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 25, 2025 17:57:38.834264040 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:38.834309101 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:38.834374905 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:38.834676981 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:38.834686995 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.465925932 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.466064930 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.470828056 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.470839024 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.471122980 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.471185923 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.471606016 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.516273022 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.861233950 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.861315012 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.861397982 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.862185001 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.872947931 CET | 49697 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.872962952 CET | 443 | 49697 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.874030113 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.874079943 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:39.874167919 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.874349117 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:39.874358892 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.254108906 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.254302025 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.254770994 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.254781961 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.255004883 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.255012035 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.628119946 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.628149033 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.628212929 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.628249884 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.628326893 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.664932966 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.664933920 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:40.664966106 CET | 443 | 49698 | 162.19.137.157 | 192.168.2.7 |
| Mar 25, 2025 17:57:40.665021896 CET | 49698 | 443 | 192.168.2.7 | 162.19.137.157 |
| Mar 25, 2025 17:57:52.946830988 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:52.946866989 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:52.946996927 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:52.947386980 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:52.947402000 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.260951996 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.261037111 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.296632051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.296715975 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.297079086 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.309930086 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.356276035 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.554881096 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.554910898 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.554927111 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.554972887 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.554990053 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.555027008 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.555049896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.586432934 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.586468935 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.586515903 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.586524010 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.586576939 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.761729002 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761758089 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761807919 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.761821032 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761832952 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761851072 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761879921 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.761893034 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761910915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.761919975 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.761936903 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.761986017 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.889419079 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.889442921 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.889489889 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.889523983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.889533997 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.889556885 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.889569998 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.889605999 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.896760941 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.896776915 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.896835089 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.896842957 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.937551975 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.981905937 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.981944084 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.981983900 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.981993914 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:53.982033968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:53.982059002 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.073327065 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.073352098 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.073416948 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.073450089 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.073599100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.224675894 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.224709988 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.224769115 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.224786997 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.224816084 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.224832058 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.308384895 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.308429003 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.308476925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.308492899 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.308522940 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.308541059 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.375838041 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.375861883 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.375931025 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.375947952 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.376004934 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.478549004 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.478584051 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.478635073 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.478650093 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.478682995 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.478703976 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.605680943 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.605710983 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.605767965 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.605784893 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.605814934 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.605835915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.764867067 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.764899015 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.764939070 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.764955044 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.764982939 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.765036106 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.843729973 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.843760967 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.843854904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.843873978 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.843976021 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.981388092 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.981420994 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.981496096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.981515884 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:54.981553078 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:54.981571913 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.174479961 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.174508095 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.174587965 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.174603939 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.174654007 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.330840111 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.330874920 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.330925941 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.330943108 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.330985069 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.490629911 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.490650892 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.490724087 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.490739107 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.490755081 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.490777016 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.758323908 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.758358002 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.758538008 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:55.758557081 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:55.758605003 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.018584013 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.018599987 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.018619061 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.018667936 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.018687010 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.018717051 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.018744946 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.262073040 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.262089968 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.262137890 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.262140989 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.262171030 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.262177944 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.262201071 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.262238026 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.422815084 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.422842979 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.422915936 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.422935009 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.422962904 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.422981977 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.602345943 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.602411032 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.602442980 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.602461100 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.602490902 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.602503061 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.831667900 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.831684113 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.831728935 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.831753016 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.831772089 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:56.831799984 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:56.831815004 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.028420925 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.028450012 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.028523922 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.028539896 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.028568029 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.028578043 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.225462914 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.225498915 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.225552082 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.225570917 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.225593090 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.225614071 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.414421082 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.414490938 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.414515018 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.414534092 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.414578915 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.414598942 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.548121929 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.548177958 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.548209906 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.548229933 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.548278093 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.548278093 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.724576950 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.724602938 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.724687099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.724709034 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.724980116 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.848088980 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.848119974 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.848167896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.848186970 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:57.848202944 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:57.848407030 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.054604053 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.054647923 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.054696083 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.054719925 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.054800987 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.054811954 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.054991961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.151784897 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.151810884 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.151896000 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.151916027 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.152065992 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.347734928 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.347760916 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.347826004 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.347848892 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.347999096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.636370897 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.636414051 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.636460066 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.636464119 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.636485100 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.636501074 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.636512041 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.636540890 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.749511003 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.749577045 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.749619961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.749649048 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.749666929 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.749900103 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.947237968 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.947307110 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.947333097 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.947360992 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:58.947380066 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:58.947396994 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.117692947 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.117758989 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.117782116 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.117813110 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.117830992 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.117985010 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.268513918 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.268543005 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.268615961 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.268646955 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.270035982 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.405522108 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.405586004 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.405610085 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.405647039 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.405648947 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.405782938 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.542107105 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.542138100 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.542223930 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.542248011 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.542387009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.684313059 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.684387922 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.684417963 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.684447050 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.684463978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.684731960 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.781447887 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.781544924 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.781570911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.781601906 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.781621933 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.781649113 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.938245058 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.938314915 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.938353062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.938388109 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:57:59.938405991 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:57:59.938443899 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.093965054 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.094046116 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.094072104 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.094103098 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.094119072 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.094161987 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.265974998 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.266037941 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.266160011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.266160011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.266196012 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.266262054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.406639099 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.406666040 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.406864882 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.406897068 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.406960964 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.550035954 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.550102949 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.550138950 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.550169945 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.550190926 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.550204992 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.659342051 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.659400940 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.659437895 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.659470081 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.659488916 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.659509897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.794169903 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.794231892 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.794265032 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.794301987 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.794318914 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.794410944 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.908041954 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.908111095 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.908154011 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.908186913 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:00.908204079 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:00.908427000 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.022716045 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.022785902 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.022841930 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.022875071 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.022891998 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.022929907 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.121027946 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.121108055 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.121246099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.121246099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.121277094 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.121445894 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.278815985 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.278889894 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.278933048 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.278965950 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.278985023 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.279113054 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.376422882 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.376446962 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.376631975 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.376661062 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.376879930 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.653707027 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.653726101 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.653764963 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.653810978 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.653845072 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.653862953 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.653939009 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.705236912 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.705307007 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.705360889 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.705390930 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.705411911 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.705786943 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.887623072 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.887701035 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.887794018 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.887806892 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:01.887842894 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:01.887854099 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.152292013 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.152332067 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.152381897 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.152398109 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.152452946 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.152461052 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.154417038 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.263370037 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.263441086 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.263461113 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.263478994 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.263521910 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.263521910 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.506078959 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.506119967 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.506169081 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.506208897 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.506222963 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.506269932 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.758980036 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.759018898 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.759063959 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.759066105 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.759125948 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:02.759135008 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:02.759171963 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.019463062 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.019481897 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.019520044 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.019555092 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.019588947 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.019603968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.019643068 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.317698956 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.317714930 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.317740917 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.317799091 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.317826986 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.317861080 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.317883968 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.504478931 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.504503012 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.504573107 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.504586935 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.504602909 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.504625082 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.651427984 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.651520014 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.651545048 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.651581049 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.651602983 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.651741028 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.651750088 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.651772976 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.651959896 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.653557062 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.653574944 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:03.653582096 CET | 49700 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:03.653595924 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:06.869334936 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:06.869385958 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:06.869652033 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:06.870011091 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:06.870026112 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.172666073 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.172894001 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.186410904 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.186429977 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.186775923 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.222436905 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.264276028 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573790073 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573822975 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573859930 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573879004 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573921919 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.573921919 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.573940992 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573959112 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.573981047 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.574021101 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.574048042 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.608383894 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.608413935 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.608555079 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.608570099 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.608639956 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.709671974 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.709706068 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.709780931 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.709796906 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.709815025 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.709952116 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.906301975 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.906337976 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.906374931 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.906399012 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.906440973 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.906461954 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.979490995 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.979521036 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.979598045 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.979613066 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:07.979646921 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:07.980369091 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.172935009 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.173010111 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.173086882 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.173086882 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.173106909 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.173181057 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.340399027 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.340431929 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.340512991 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.340512991 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.340532064 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.340603113 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.421678066 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.421716928 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.421775103 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.421845913 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.421907902 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.421964884 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.422347069 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.422358036 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.422458887 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.422472000 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.504662037 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.504692078 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.504942894 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.504942894 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.504961967 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.505023003 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.674824953 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.674851894 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.674906969 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.674923897 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.674945116 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.675180912 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.727142096 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.727648020 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.727689028 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.728514910 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.728521109 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.729727030 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.730797052 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.730818033 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.731719971 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.731729031 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.819139004 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.819164991 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.819364071 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.819364071 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.819377899 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.822530031 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.927440882 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.927675962 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.930018902 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.930041075 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.930103064 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.930129051 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.930169106 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.930471897 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.930695057 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.960638046 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.960659981 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.960666895 CET | 49703 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.960673094 CET | 443 | 49703 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.962251902 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.962285042 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.962297916 CET | 49704 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.962304115 CET | 443 | 49704 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.974735022 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.974766016 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.975045919 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.975045919 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:08.975063086 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:08.975123882 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.108917952 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.108942986 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.109122038 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.109137058 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.109270096 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.220015049 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.220037937 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.220104933 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.220125914 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.220165014 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.220165014 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.345207930 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.345235109 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.345618963 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.345618963 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.345633030 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.346384048 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.445961952 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.445986032 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.446099043 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.446114063 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.446209908 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.634697914 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.634723902 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.634968042 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.634968042 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.634983063 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.635037899 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.708710909 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.708731890 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.708828926 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.708842993 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.710515976 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.880824089 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.880851984 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.880981922 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:09.880997896 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:09.881100893 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.137597084 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.137626886 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.138461113 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.138461113 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.138475895 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.142463923 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.235728025 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.235752106 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.235836983 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.235865116 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.236274958 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.236274958 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.459605932 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.459645987 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.459714890 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.459731102 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.459779978 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.459779978 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.702270031 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.702296019 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.702475071 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:10.702493906 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:10.702568054 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.064970016 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.064985991 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.065023899 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.065119028 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.065136909 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.065170050 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.065749884 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.248172045 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.248203039 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.248250008 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.248264074 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.248301983 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.248325109 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.468863964 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.468878984 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.468915939 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.468974113 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.468990088 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.469002008 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.469038963 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.663711071 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.663743019 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.663845062 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.663858891 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.663913012 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.881609917 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.881625891 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.881645918 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.881700039 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.881717920 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:11.881757975 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:11.881777048 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.215301037 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.215313911 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.215342045 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.215383053 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.215396881 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.215447903 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.347676039 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.347739935 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.347757101 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.347773075 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.347800016 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.347816944 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.672812939 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.672828913 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.672848940 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.672914028 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.672939062 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:12.672969103 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:12.672990084 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.006853104 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.006892920 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.006946087 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.006947041 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.006985903 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.006994009 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.007061958 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.007093906 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.310224056 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.310276985 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.310312986 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.310328007 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.310370922 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.310384035 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.310410023 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.310431957 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.583708048 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.583748102 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.583798885 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.583807945 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.583862066 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.583875895 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.583942890 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.781013966 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.781086922 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.781101942 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.781119108 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.781148911 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.781160116 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.981106043 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.981172085 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.981200933 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.981219053 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:13.981246948 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:13.981262922 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.220290899 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.220331907 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.220383883 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.220429897 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.220429897 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.220463991 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.220479012 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.220711946 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.399238110 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.399266958 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.399348021 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.399367094 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.399389029 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.399478912 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.595347881 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.595374107 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.595494986 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.595494986 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.595510006 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.595562935 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.765522003 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.765558004 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.765860081 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.765860081 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.765877962 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.765959978 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.965992928 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.966020107 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.966101885 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.966114044 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:14.966164112 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:14.966164112 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.190330029 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.190345049 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.190381050 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.190493107 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.190510988 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.190542936 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.190728903 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.359801054 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.359827995 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.359891891 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.359911919 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.360822916 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.541089058 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.541112900 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.541233063 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.541249990 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.541429996 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.783152103 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.783169031 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.783211946 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.783296108 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.783314943 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.783351898 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.783370972 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.941937923 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.941962004 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.942130089 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:15.942147970 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:15.942200899 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.136492968 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.136521101 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.136610985 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.136629105 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.136694908 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.317907095 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.317934990 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.318070889 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.318089008 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.318137884 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.470380068 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.470452070 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.470549107 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.470565081 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.470597029 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.470659018 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.646717072 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.646758080 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.646891117 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:16.646908045 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:16.646965027 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.007100105 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.007117033 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.007138014 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.007224083 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.007253885 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.007267952 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.007325888 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.216586113 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.216600895 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.216644049 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.216803074 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.216831923 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.216921091 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.399833918 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.399894953 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.400007010 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.400007010 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.400026083 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.400283098 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.667113066 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.667131901 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.667166948 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.667395115 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:17.667416096 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:17.667583942 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:18.071007013 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.071027994 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.071168900 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.071211100 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:18.071240902 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.071357965 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:18.649666071 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.649682999 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.649713993 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.649765015 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:18.649800062 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:18.649854898 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:18.649888992 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.181516886 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.181555986 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.181601048 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.181873083 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.181873083 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.181905031 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.182157993 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.570722103 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.570738077 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.570774078 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.571000099 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.571000099 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.571024895 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.571110010 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.770859957 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.770886898 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.770998001 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.770998001 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:19.771023989 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:19.771081924 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.029511929 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.029556036 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.029624939 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.029664993 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.029812098 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.029825926 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.030020952 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.373861074 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.373898983 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.373951912 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.373955011 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.373984098 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.373999119 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.374013901 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.374042988 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.775773048 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.775789976 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.775826931 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.775934935 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.775955915 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:20.775990963 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:20.776012897 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.011259079 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.011275053 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.011408091 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.011435032 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.011457920 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.011477947 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.011499882 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.310688019 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.310704947 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.310738087 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.310791016 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.310815096 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.310887098 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.310887098 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.537926912 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.537944078 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.537981987 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.538239956 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.538239956 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.538275003 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.538352013 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.751533031 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.751549959 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.751594067 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.751698017 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.751698017 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.751714945 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.751966953 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.906729937 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.906759024 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.906805992 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.906829119 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.906913996 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.909265041 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.926805973 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.926950932 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.927042961 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.927118063 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.927118063 CET | 49702 | 443 | 192.168.2.7 | 13.107.246.72 |
| Mar 25, 2025 17:58:21.927140951 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Mar 25, 2025 17:58:21.927153111 CET | 443 | 49702 | 13.107.246.72 | 192.168.2.7 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 25, 2025 17:57:38.680639029 CET | 62497 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 25, 2025 17:57:38.833288908 CET | 53 | 62497 | 1.1.1.1 | 192.168.2.7 |
| Mar 25, 2025 17:57:52.839627028 CET | 61672 | 53 | 192.168.2.7 | 1.1.1.1 |
| Mar 25, 2025 17:57:52.945823908 CET | 53 | 61672 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 25, 2025 17:57:38.680639029 CET | 192.168.2.7 | 1.1.1.1 | 0xfda4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 25, 2025 17:57:52.839627028 CET | 192.168.2.7 | 1.1.1.1 | 0xa7bb | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 25, 2025 17:56:50.369286060 CET | 1.1.1.1 | 192.168.2.7 | 0x914c | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:56:50.369286060 CET | 1.1.1.1 | 192.168.2.7 | 0x914c | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 25, 2025 17:56:50.369286060 CET | 1.1.1.1 | 192.168.2.7 | 0x914c | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
| Mar 25, 2025 17:56:50.541474104 CET | 1.1.1.1 | 192.168.2.7 | 0x16f1 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 25, 2025 17:56:50.541474104 CET | 1.1.1.1 | 192.168.2.7 | 0x16f1 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:38.833288908 CET | 1.1.1.1 | 192.168.2.7 | 0xfda4 | No error (0) | host1.emobility.energy | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:38.833288908 CET | 1.1.1.1 | 192.168.2.7 | 0xfda4 | No error (0) | 162.19.137.157 | A (IP address) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:52.945823908 CET | 1.1.1.1 | 192.168.2.7 | 0xa7bb | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:52.945823908 CET | 1.1.1.1 | 192.168.2.7 | 0xa7bb | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:52.945823908 CET | 1.1.1.1 | 192.168.2.7 | 0xa7bb | No error (0) | shed.dual-low.s-part-0044.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:52.945823908 CET | 1.1.1.1 | 192.168.2.7 | 0xa7bb | No error (0) | s-part-0044.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 25, 2025 17:57:52.945823908 CET | 1.1.1.1 | 192.168.2.7 | 0xa7bb | No error (0) | 13.107.246.72 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49697 | 162.19.137.157 | 443 | 6856 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:57:39 UTC | 219 | OUT | |
| 2025-03-25 16:57:39 UTC | 539 | IN | |
| 2025-03-25 16:57:39 UTC | 38 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49698 | 162.19.137.157 | 443 | 6856 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:57:40 UTC | 199 | OUT | |
| 2025-03-25 16:57:40 UTC | 590 | IN | |
| 2025-03-25 16:57:40 UTC | 4645 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.7 | 49700 | 13.107.246.72 | 443 | 6856 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:57:53 UTC | 226 | OUT | |
| 2025-03-25 16:57:53 UTC | 493 | IN | |
| 2025-03-25 16:57:53 UTC | 15891 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:53 UTC | 16384 | IN | |
| 2025-03-25 16:57:54 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.7 | 49702 | 13.107.246.72 | 443 | 1920 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:58:07 UTC | 226 | OUT | |
| 2025-03-25 16:58:07 UTC | 472 | IN | |
| 2025-03-25 16:58:07 UTC | 15912 | IN | |
| 2025-03-25 16:58:07 UTC | 16384 | IN | |
| 2025-03-25 16:58:07 UTC | 16384 | IN | |
| 2025-03-25 16:58:07 UTC | 16384 | IN | |
| 2025-03-25 16:58:07 UTC | 16384 | IN | |
| 2025-03-25 16:58:07 UTC | 16384 | IN | |
| 2025-03-25 16:58:08 UTC | 16384 | IN | |
| 2025-03-25 16:58:08 UTC | 16384 | IN | |
| 2025-03-25 16:58:08 UTC | 16384 | IN | |
| 2025-03-25 16:58:08 UTC | 16384 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.7 | 49703 | 13.107.246.72 | 443 | 6856 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:58:08 UTC | 214 | OUT | |
| 2025-03-25 16:58:08 UTC | 470 | IN | |
| 2025-03-25 16:58:08 UTC | 204 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.7 | 49704 | 13.107.246.72 | 443 | 6856 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-25 16:58:08 UTC | 214 | OUT | |
| 2025-03-25 16:58:08 UTC | 494 | IN | |
| 2025-03-25 16:58:08 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 12:56:43 |
| Start date: | 25/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x9c0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 10 |
| Start time: | 12:57:47 |
| Start date: | 25/03/2025 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff620b60000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 12 |
| Start time: | 12:58:01 |
| Start date: | 25/03/2025 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x9c0000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly
