Windows
Analysis Report
PO#4500550389.xla.xlsx
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 6968 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) mshta.exe (PID: 7932 cmdline:
C:\Windows \SysWOW64\ mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505) splwow64.exe (PID: 8048 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
EXCEL.EXE (PID: 5376 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\P O#45005503 89.xla.xls x" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T09:43:18.559061+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 58542 | 13.107.253.72 | 443 | TCP |
2025-03-17T09:43:24.796444+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 58544 | 13.107.253.72 | 443 | TCP |
2025-03-17T09:43:24.811495+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 58543 | 13.107.253.72 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD00C9763B/\x1Ole' : |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD00C9763A/MBD00320C7F/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33% | Virustotal | Browse | ||
19% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | high | |
kryx.ru | 188.225.72.170 | true | false | high | |
s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
198.12.89.24 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
188.225.72.170 | kryx.ru | Russian Federation | 9123 | TIMEWEB-ASRU | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1640393 |
Start date and time: | 2025-03-17 09:41:02 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PO#4500550389.xla.xlsx |
Detection: | MAL |
Classification: | mal60.expl.winXLSX@6/4@2/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, SIHCli ent.exe, SgrmBroker.exe, conho st.exe, svchost.exe, MavInject 32.exe - Excluded IPs from analysis (wh
itelisted): 52.109.32.97, 52.1 09.28.47, 23.60.203.209, 199.2 32.214.172, 20.42.72.131, 20.4 2.65.90, 52.123.130.14, 20.190 .160.67, 4.245.163.56 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, onedscolprdeus14 .eastus.cloudapp.azure.com, eu r.roaming1.live.com.akadns.net , fs-wildcard.microsoft.com.ed gekey.net, fs-wildcard.microso ft.com.edgekey.net.globalredir .akadns.net, e16604.dscf.akama iedge.net, mobile.events.data. microsoft.com, roaming.officea pps.live.com, dual-s-0005-offi ce.config.skype.com, login.liv e.com, officeclient.microsoft. com, ukw-azsc-config.officeapp s.live.com, prod.fs.microsoft. com.akadns.net, c.pki.goog, wu -b-net.trafficmanager.net, ecs .office.com, self-events-data. trafficmanager.net, fs.microso ft.com, ctldl.windowsupdate.co m.delivery.microsoft.com, prod .configsvc1.live.com.akadns.ne t, self.events.data.microsoft. com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns. net, osiprod-uks-buff-azsc-000 .uksouth.cloudapp.azure.com, f e3cr.delivery.mp.microsoft.com , uks-azsc-000.roaming.officea pps.live.com, config.officeapp s.live.com, onedscolprdeus00.e astus.cloudapp.azure.com, ecs. office.trafficmanager.net, eur ope. - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
04:43:12 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.253.72 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Hancitor | Browse | |||
198.12.89.24 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
kryx.ru | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | GuLoader, HTMLPhisher | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Sality | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-part-0044.t-0009.fb-t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DanaBot | Browse |
| ||
Get hash | malicious | NovaSentinel | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AS-COLOCROSSINGUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AveMaria, PrivateLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Cobalt Strike, FormBook | Browse |
| ||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse |
| ||
TIMEWEB-ASRU | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Babadeda | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GhostRat, Mimikatz, Nitol | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 820 |
Entropy (8bit): | 2.7159862044217853 |
Encrypted: | false |
SSDEEP: | 24:YIrNyk+vpKAzH5wcfHGFAAJp9WtAZRJ5poIHWI:Ymt+RfzHuc8AAJtfJ52IHV |
MD5: | 4C216BA54D1A1E057DBD017884BCAE68 |
SHA1: | 04F6A2A122C952A6EE4E54FDB8185D4052074B21 |
SHA-256: | 80AB97552897B6DD6B37DC244018756D8FE893435AA360A26BFF8E6560D81E9C |
SHA-512: | 1F5F905260B372F9AEE7B6E574F0F427A85F74F30AB90B2CBF7847462A437C8907BDCA33D54260F685AEC64CC53E3241E37A8D6999AB01138C08DB2B39FF7371 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.3520167401771568 |
Encrypted: | false |
SSDEEP: | 3:qs/FFyGff:qsyWf |
MD5: | 5C22367453CA7CD5BD7CA96C4FD55742 |
SHA1: | FC7428D064740B4E331D57098AF028AA26FBC1AE |
SHA-256: | F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543 |
SHA-512: | BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.832961984010229 |
TrID: |
|
File name: | PO#4500550389.xla.xlsx |
File size: | 1'172'480 bytes |
MD5: | f871e42b797cf70e3ee4a79e21f02197 |
SHA1: | b03ebab29eab8c27f1a814494953147a9b90322f |
SHA256: | ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012 |
SHA512: | f641e3a231b6b0896fc35749ddcac371e5d5b46c07b0256eb8bf77d73e63eb149816d274c6b17c263481fbc54993e2b52d029f9fc7ca3f84ccc54043d14b3c76 |
SSDEEP: | 24576:BLA6DHtWjejsk4McupJIwgxIOXR8YhbBWvdp8tLUWBMDcaPFKM:+SaejH4MTpzguM8YkpwLUwhM |
TLSH: | 01450294EFC05A26CA0D02350FE38B5C5A15EEEA5745620F3235BE1D3EB6B3E0B72519 |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-17 02:57:46 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 97 a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 25 5f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 60 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 32 10 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2503503175049815 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . # \\ . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD00C9763A/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 296 |
Entropy: | 3.2973193143624515 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | MBD00C9763A/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 31156 |
Entropy: | 3.1876994904322484 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00320C7F/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00320C7F/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 613686 |
Entropy: | 7.989056691241232 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00321A49/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.219515110876372 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/MBD00321A49/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 13665 |
Entropy: | 7.1661074658165225 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD00C9763A/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 392615 |
Entropy: | 7.73377528201003 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD00C9763B/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 662 |
Entropy: | 5.089050631517283 |
Base64 Encoded: | False |
Data ASCII: | . . . . C . i x . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . k . r . y . x . . . r . u . / . e . 3 . E . P . l . 0 . ? . & . c . e . r . t . i . f . i . c . a . t . i . o . n . = . e . x . c . l . u . s . i . v . e . & . k . i . t . t . y . = . t . h . i . n . k . a . b . l . e . . . D . A . m w P # . | - . - t # . + E X 3 a R { % . N o J 7 . Q E | . % v ] . . . a l | ! h E d . . z L . . . ; R F . . . . . . . . . . . . . . . . F . . . x . c . q . 0 . h . H . Y . X . 2 . |
Data Raw: | 01 00 00 02 b3 d0 c4 43 90 0f 69 78 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ec 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6b 00 72 00 79 00 78 00 2e 00 72 00 75 00 2f 00 65 00 33 00 45 00 50 00 6c 00 30 00 3f 00 26 00 63 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3d 00 65 00 78 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 96243 |
Entropy: | 7.9920296999361415 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . M q . n 1 . w _ E U ? R . . . d H V . . . $ & } / . . . . . . . . . . w . . . \\ . p . u ^ . . . . ^ Q . & . 1 % g ] A [ g . L O ~ C q . . L H . V F I . j s , . S z i Z a 9 . A $ . J . # . T - # * . G p A . + 4 . . B . . . a . . . . . . = . . . @ . . . . . . / 3 . . . . . 3 . . . . . @ . . . . . W . . . . s a . . . . e . . . m = . . . . P . 9 @ . _ . @ . . . . x . . . . " . . . . . . . . e | . . . j . . . 9 ` 1 . . . . [ . ) . _ A . . . [ ' . . X 1 . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 4d b1 71 1e 6e c0 fc 9d f1 c6 fe a7 e0 92 a5 d5 31 c3 87 77 5f 45 55 3f df 52 0c c8 93 0b 64 48 56 0c 0d d0 af 24 de 26 7d fe 84 84 2f b7 fe e8 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 77 ad e2 00 00 00 5c 00 70 00 75 86 5e 86 d3 93 1d e2 f2 b5 16 d9 b1 91 5e 51 c9 0b 91 26 07 85 31 25 83 67 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 525 |
Entropy: | 5.197714347380842 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 8 F 3 A 6 E 9 F - 1 9 9 F - 4 9 5 E - B 5 F B - B E 8 7 6 4 8 B 0 E 8 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 2 5 0 4 D D 1 0 F D 5 0 F D 5 0 |
Data Raw: | 49 44 3d 22 7b 38 46 33 41 36 45 39 46 2d 31 39 39 46 2d 34 39 35 45 2d 42 35 46 42 2d 42 45 38 37 36 34 38 42 30 45 38 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.992573102057176 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.360492237373647 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e7 1d ef 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T09:43:18.559061+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 58542 | 13.107.253.72 | 443 | TCP |
2025-03-17T09:43:24.796444+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 58544 | 13.107.253.72 | 443 | TCP |
2025-03-17T09:43:24.811495+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 58543 | 13.107.253.72 | 443 | TCP |
- Total Packets: 203
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 09:42:22.742979050 CET | 58531 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:42:22.747700930 CET | 53 | 58531 | 1.1.1.1 | 192.168.2.9 |
Mar 17, 2025 09:42:22.750613928 CET | 58531 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:42:22.757451057 CET | 53 | 58531 | 1.1.1.1 | 192.168.2.9 |
Mar 17, 2025 09:42:23.225125074 CET | 58531 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:42:23.241997957 CET | 53 | 58531 | 1.1.1.1 | 192.168.2.9 |
Mar 17, 2025 09:42:23.242054939 CET | 58531 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:43:03.017649889 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.017694950 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:03.017765999 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.018095016 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.018106937 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:03.705368996 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:03.705542088 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.709801912 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.709821939 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:03.710175991 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:03.710236073 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.710690022 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:03.756319046 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:04.024261951 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:04.024369955 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:04.024419069 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:04.024447918 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:04.028989077 CET | 58538 | 443 | 192.168.2.9 | 188.225.72.170 |
Mar 17, 2025 09:43:04.029005051 CET | 443 | 58538 | 188.225.72.170 | 192.168.2.9 |
Mar 17, 2025 09:43:04.030790091 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:43:04.035485029 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Mar 17, 2025 09:43:04.035595894 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:43:04.035775900 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:43:04.040637970 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Mar 17, 2025 09:43:04.503024101 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Mar 17, 2025 09:43:04.503058910 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Mar 17, 2025 09:43:04.503395081 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:43:09.503743887 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Mar 17, 2025 09:43:09.506757975 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:43:17.874387980 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:17.874429941 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:17.874598026 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:17.875194073 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:17.875210047 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.558990955 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.559061050 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.561101913 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.561115980 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.561378002 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.562810898 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.604330063 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.684273958 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.684313059 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.684340000 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.684390068 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.684402943 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.684432983 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.684459925 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.768425941 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.768455029 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.768508911 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.768529892 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.768574953 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.768593073 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.774907112 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.774924994 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.774977922 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.774983883 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.775017977 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.861195087 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.861217022 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.861258984 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.861273050 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.861329079 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.862469912 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.862483978 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.862549067 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.862560034 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.862643003 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.864190102 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.864206076 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.864263058 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.864269972 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.864329100 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.865856886 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.865873098 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.865917921 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.865925074 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.865950108 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.865978003 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.949505091 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.949526072 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.949598074 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.949608088 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.949645042 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.950212002 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.950234890 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.950282097 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.950288057 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.950315952 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.950336933 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.951280117 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.951297998 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.951334000 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.951340914 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.951373100 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.951394081 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.952272892 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952291012 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952338934 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.952344894 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952354908 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952379942 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952409029 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.952415943 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.952435970 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.952467918 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.956768990 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.956788063 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.956851006 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:18.956857920 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:18.956974030 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.040318012 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040350914 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040400028 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.040416956 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040458918 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.040476084 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.040646076 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040663958 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040714979 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.040721893 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.040776968 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.041151047 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041168928 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041212082 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.041218042 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041245937 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.041270971 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.041676998 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041696072 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041750908 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.041757107 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.041861057 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042438984 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042454004 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042510033 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042515993 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042557955 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042557955 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042684078 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042701006 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042747974 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042752981 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.042836905 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.042836905 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.047102928 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.047121048 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.047178984 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.047184944 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.047215939 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.047230959 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.130722046 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.130742073 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.130810022 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.130829096 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.130908966 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.130947113 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.130964994 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131007910 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131015062 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131043911 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131063938 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131263018 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131278992 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131333113 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131340981 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131386995 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131510973 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131529093 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131589890 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131596088 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131793976 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131848097 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131865978 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131901026 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131905079 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131916046 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131937981 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131938934 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131954908 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.131959915 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.131994009 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.132021904 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.132139921 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.132163048 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.132194042 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.132199049 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.132224083 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.132241011 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.137697935 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.137716055 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.137785912 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.137792110 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.137837887 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.221478939 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.221503019 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.221575022 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.221590042 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.221637964 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222206116 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222223997 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222286940 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222299099 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222345114 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222538948 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222556114 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222611904 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222618103 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222711086 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222760916 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222778082 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222827911 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222832918 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222901106 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.222956896 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.222979069 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223007917 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223012924 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223046064 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223064899 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223066092 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223077059 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223097086 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223120928 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223126888 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223154068 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223167896 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223205090 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223220110 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223263025 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.223268986 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.223308086 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.228430033 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.228456974 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.228538990 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.228549004 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.228588104 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312180996 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312206030 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312283993 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312299967 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312350035 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312361002 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312366962 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312380075 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312407970 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312413931 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312443972 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312485933 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312573910 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312588930 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312666893 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312671900 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312709093 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312915087 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312931061 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.312977076 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.312983036 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313009024 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313026905 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313216925 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313232899 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313299894 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313306093 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313388109 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313407898 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313443899 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313452959 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313467026 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313513994 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313611031 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313627005 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313673973 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313678980 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.313708067 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.313726902 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.319132090 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.319159031 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.319196939 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.319209099 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.319264889 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.402945042 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.402967930 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403039932 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403053045 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403079033 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403104067 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403107882 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403117895 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403143883 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403179884 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403358936 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403373957 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403420925 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403426886 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403480053 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403774977 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403789997 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403836012 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403841019 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403876066 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403909922 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403925896 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.403971910 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.403978109 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404064894 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.404120922 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404138088 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404189110 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.404195070 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404400110 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404418945 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404418945 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.404433012 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.404453993 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.404505014 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.409815073 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.409831047 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.409894943 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.409903049 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.409959078 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.493570089 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493590117 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493674040 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.493688107 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493741989 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.493766069 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493782043 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493813038 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.493818998 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.493850946 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.493874073 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494007111 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494024038 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494066954 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494074106 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494127989 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494322062 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494337082 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494386911 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494394064 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494505882 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494646072 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494662046 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494704962 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494709969 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494762897 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494869947 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494885921 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494929075 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.494934082 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.494986057 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.495076895 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.495090961 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.495210886 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.495217085 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.495265007 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.500778913 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.500809908 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.500843048 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.500850916 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.500904083 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584222078 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584242105 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584316969 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584336042 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584382057 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584486961 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584501028 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584532022 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584537983 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584572077 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584688902 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584705114 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584753036 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.584758043 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584976912 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.584995985 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585045099 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585050106 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585072041 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585095882 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585218906 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585233927 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585273981 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585278988 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585340977 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585661888 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585684061 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585727930 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585731983 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585762024 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585827112 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585841894 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585899115 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.585905075 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.585984945 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591347933 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591377020 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591418028 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591420889 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591432095 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591456890 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591568947 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591711044 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591739893 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591753006 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591753006 CET | 58542 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:19.591762066 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:19.591768026 CET | 443 | 58542 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.074002028 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.074067116 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.074199915 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.074460030 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.074476957 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.077063084 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.077107906 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.077286959 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.077517033 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.077529907 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.758629084 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.766192913 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.796443939 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.796479940 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.798439026 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.798453093 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.811495066 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.811515093 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.816129923 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.816145897 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.906055927 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.906080961 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.906136036 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.906169891 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.906327963 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.906416893 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.925759077 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.925844908 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.925920010 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.967164993 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.967194080 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.967216969 CET | 58544 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.967223883 CET | 443 | 58544 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.980504036 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.980504036 CET | 58543 | 443 | 192.168.2.9 | 13.107.253.72 |
Mar 17, 2025 09:43:24.980537891 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:43:24.980549097 CET | 443 | 58543 | 13.107.253.72 | 192.168.2.9 |
Mar 17, 2025 09:44:01.465572119 CET | 58539 | 80 | 192.168.2.9 | 198.12.89.24 |
Mar 17, 2025 09:44:01.473100901 CET | 80 | 58539 | 198.12.89.24 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 09:42:22.741087914 CET | 53 | 64063 | 1.1.1.1 | 192.168.2.9 |
Mar 17, 2025 09:43:02.916449070 CET | 61300 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:43:03.016242027 CET | 53 | 61300 | 1.1.1.1 | 192.168.2.9 |
Mar 17, 2025 09:43:17.783212900 CET | 56991 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 17, 2025 09:43:17.873270035 CET | 53 | 56991 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2025 09:43:02.916449070 CET | 192.168.2.9 | 1.1.1.1 | 0x62b2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 17, 2025 09:43:17.783212900 CET | 192.168.2.9 | 1.1.1.1 | 0x1952 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2025 09:42:13.032041073 CET | 1.1.1.1 | 192.168.2.9 | 0x926a | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:42:13.032041073 CET | 1.1.1.1 | 192.168.2.9 | 0x926a | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:42:13.032041073 CET | 1.1.1.1 | 192.168.2.9 | 0x926a | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:42:13.032041073 CET | 1.1.1.1 | 192.168.2.9 | 0x926a | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:42:14.222842932 CET | 1.1.1.1 | 192.168.2.9 | 0xdaa7 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:42:14.222842932 CET | 1.1.1.1 | 192.168.2.9 | 0xdaa7 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:03.016242027 CET | 1.1.1.1 | 192.168.2.9 | 0x62b2 | No error (0) | 188.225.72.170 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2025 09:43:17.873270035 CET | 1.1.1.1 | 192.168.2.9 | 0x1952 | No error (0) | 13.107.253.72 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 58539 | 198.12.89.24 | 80 | 6968 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 17, 2025 09:43:04.035775900 CET | 266 | OUT | |
Mar 17, 2025 09:43:04.503024101 CET | 1236 | IN | |
Mar 17, 2025 09:43:04.503058910 CET | 1009 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 58538 | 188.225.72.170 | 443 | 6968 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:43:03 UTC | 232 | OUT | |
2025-03-17 08:43:04 UTC | 509 | IN | |
2025-03-17 08:43:04 UTC | 118 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 58542 | 13.107.253.72 | 443 | 6968 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:43:18 UTC | 226 | OUT | |
2025-03-17 08:43:18 UTC | 500 | IN | |
2025-03-17 08:43:18 UTC | 15884 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN | |
2025-03-17 08:43:18 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 58544 | 13.107.253.72 | 443 | 6968 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:43:24 UTC | 214 | OUT | |
2025-03-17 08:43:24 UTC | 522 | IN | |
2025-03-17 08:43:24 UTC | 2128 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 58543 | 13.107.253.72 | 443 | 6968 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 08:43:24 UTC | 214 | OUT | |
2025-03-17 08:43:24 UTC | 491 | IN | |
2025-03-17 08:43:24 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 04:42:08 |
Start date: | 17/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x710000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 04:43:03 |
Start date: | 17/03/2025 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 13'312 bytes |
MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 12 |
Start time: | 04:43:12 |
Start date: | 17/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61b330000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 04:43:22 |
Start date: | 17/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x710000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |