Windows
Analysis Report
ENQUIRY - RFQ 674441-76450.xla.xlsx
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- EXCEL.EXE (PID: 1896 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
- mshta.exe (PID: 7844 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
- splwow64.exe (PID: 7952 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 4572 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\ENQUIRY - RFQ 674441-76450.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-24T09:33:31.711934+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | TCP |
2025-03-24T09:33:37.900489+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | TCP |
2025-03-24T09:33:37.900636+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | TCP |
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD00356DE1/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Key opened: |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Static file information: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Stream path 'MBD00356DE0/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'Package' entropy: | ||
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
28% | Virustotal | Browse | ||
28% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
host1.emobility.energy | 162.19.137.157 | true | false | unknown | |
microsoft-10.ovslegodl.sched.ovscdns.com | 43.152.182.96 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high | |
t.emobility.energy | unknown | unknown | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
43.152.182.96 | microsoft-10.ovslegodl.sched.ovscdns.com | Japan | 4249 | LILLY-ASUS | false | |
217.154.55.185 | unknown | United Kingdom | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false | |
162.19.137.157 | host1.emobility.energy | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1646794 |
Start date and time: | 2025-03-24 09:31:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ENQUIRY - RFQ 674441-76450.xla.xlsx |
Detection: | MAL |
Classification: | mal60.expl.winXLSX@6/9@2/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.0.91, 23.204.23.20, 52.109.8.36, 13.89.179.10, 20.44.10.123, 52.123.128.14, 4.175.87.197, 20.190.152.19
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdcus12.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, onedscolprdcus05.centralus.cloudapp.azure.com, roaming.officeapps.live.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
04:33:25 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
13.107.246.40 | malicious | HTMLPhisher |
13.107.246.40 | malicious | Unknown |
13.107.246.40 | malicious | Unknown |
13.107.246.40 | malicious | Unknown |
13.107.246.40 | malicious | Unknown |
217.154.55.185 | malicious | Unknown |
217.154.55.185 | malicious | Unknown |
162.19.137.157 | malicious | Unknown |
162.19.137.157 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | HTMLPhisher |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | HTMLPhisher |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
microsoft-10.ovslegodl.sched.ovscdns.com | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | XRed |
s-0005.dual-s-msedge.net | malicious | XRed |
s-0005.dual-s-msedge.net | malicious | Unknown |
s-0005.dual-s-msedge.net | malicious | XRed, XWorm |
s-0005.dual-s-msedge.net | malicious | XRed, XWorm |
host1.emobility.energy | malicious | Unknown |
host1.emobility.energy | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | HTMLPhisher |
s-part-0012.t-0009.t-msedge.net | malicious | XRed |
s-part-0012.t-0009.t-msedge.net | malicious | Vidar |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | XRed, XWorm |
s-part-0012.t-0009.t-msedge.net | malicious | XRed, XWorm |
s-part-0012.t-0009.t-msedge.net | malicious | Unknown |
s-part-0012.t-0009.t-msedge.net | malicious | LummaC Stealer |
s-part-0012.t-0009.t-msedge.net | malicious | XWorm |
Match | Detection | Threat Name |
---|---|---|
LILLY-ASUS | malicious | Mirai |
LILLY-ASUS | malicious | Mirai, Moobot |
LILLY-ASUS | malicious | Mirai, Moobot |
LILLY-ASUS | malicious | HTMLPhisher |
LILLY-ASUS | malicious | Mirai |
LILLY-ASUS | malicious | Mirai |
LILLY-ASUS | malicious | Unknown |
LILLY-ASUS | malicious | Unknown |
LILLY-ASUS | malicious | Unknown |
LILLY-ASUS | malicious | Unknown |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Unknown |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Unknown |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Quasar |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Quasar |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Remcos |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | GO Backdoor |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | WhiteSnake Stealer |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | Mirai |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | GO Backdoor, LummaC Stealer |
KCOM-SPNService-ProviderNetworkex-MistralGB | malicious | ScreenConnect Tool |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Mirai |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Mirai |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Mirai |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Unknown |
CENTURYLINK-US-LEGACY-QWESTUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | RHADAMANTHYS |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Poisonivy |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Unknown |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Unknown |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | XRed |
Match | Detection | Threat Name |
---|---|---|
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
6271f898ce5be7dd52b0fc260d0662b3 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Amadey, CryptOne, LummaC Stealer, Socks5Systemz |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | XRed |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | XRed |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 820 |
Entropy (8bit): | 2.7159862044217853 |
Encrypted: | false |
SSDEEP: | 24:YIrNyk+vpKAzH5wcfHGFAAJp9WtAZRJ5poIHWI:Ymt+RfzHuc8AAJtfJ52IHV |
MD5: | 4C216BA54D1A1E057DBD017884BCAE68 |
SHA1: | 04F6A2A122C952A6EE4E54FDB8185D4052074B21 |
SHA-256: | 80AB97552897B6DD6B37DC244018756D8FE893435AA360A26BFF8E6560D81E9C |
SHA-512: | 1F5F905260B372F9AEE7B6E574F0F427A85F74F30AB90B2CBF7847462A437C8907BDCA33D54260F685AEC64CC53E3241E37A8D6999AB01138C08DB2B39FF7371 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 634880 |
Entropy (8bit): | 7.886858057536777 |
Encrypted: | false |
SSDEEP: | 12288:HX33Nhjs7sv94GMBG1HcdhUyvcgQ5dM+9lYay1HLycEvQG/2ipLsbdBR2T:n3NhB4GMBXZ1OdM+9cxEveOoBf2 |
MD5: | 91B3395CC3DB0945E3187D012BEB5369 |
SHA1: | 1666E3C39D49CFE38BE6C0C0C2EF35623EC9373B |
SHA-256: | 8297FA9B0E2E1881D942DCDA85EE2CB7D6A9DC1DEB05B6BD876263121D73170A |
SHA-512: | 4989F4F98E9DA3BBCBFD7E6A6A02F68EFAC131583F13E92186C4097EC7524BED36C3FBE3898578B17C080AF5348B3176FAD0D50AA6640A9CD4C42573C12FD083 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 633344 |
Entropy (8bit): | 7.923599169232986 |
Encrypted: | false |
SSDEEP: | 12288:MX33Nhjs7sv94GMBG1HcdhUyvcgQ5dM+9lYay1HLycEvQG/2ipLsbdBR2T:K3NhB4GMBXZ1OdM+9cxEveOoBf2 |
MD5: | 40EEF5A58533874DB28316B7D9A7BF3B |
SHA1: | EC548BF829FDB4968453E52D80184C3991F13ECE |
SHA-256: | C4F68E9817BE6C4FFA493BFBF3AB07AE78630D415BBE790A2E09E6F66310B2FA |
SHA-512: | 0F290FEAF13C1540CE1F8D817D4B0E3075F055121A7145D016EBFB03A8FBCBA1E2D45205F8BE48A156E3B4D9C96D8BA4257B1C7B548D66CCB01B784FD9BD575C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1416192 |
Entropy (8bit): | 7.9836198533327485 |
Encrypted: | false |
SSDEEP: | 24576:63NhB4GMBXZ1OdM+9cxEveOoBf2AbMzbXj2gI5GEYP2z8YbVPVp1uCy:Kxypr+9cce/Bf2BzLu8Ybr |
MD5: | 96EC5B48F5D7E610A1C3571CC8770936 |
SHA1: | 25C0F75729C5E7F90B22C870D7FBB52C7A86B49E |
SHA-256: | 4EEF0DAA76DE7C1E377F3C87989AEB32D6926B2A64D73A19C1D44DE2F4E06C36 |
SHA-512: | 69FD0E219F573E7B199B93558C42AE512A342723647F7882A5E8F5B5F0B7022420A844A1BB24A1EF7D910B5346A91A54EE936F49A590F8088AFF7E579464A8BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.3520167401771568 |
Encrypted: | false |
SSDEEP: | 3:qs/FFyGff:qsyWf |
MD5: | 5C22367453CA7CD5BD7CA96C4FD55742 |
SHA1: | FC7428D064740B4E331D57098AF028AA26FBC1AE |
SHA-256: | F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543 |
SHA-512: | BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.9787592112424885 |
TrID: |
|
File name: | ENQUIRY - RFQ 674441-76450.xla.xlsx |
File size: | 1'304'064 bytes |
MD5: | 728def92ce2cf1e59208b5747c4f29e8 |
SHA1: | b4a65a2275e8b1dbb37bb1ad7949f6f456da1773 |
SHA256: | e822eabb8cd2fdd493bda865b2deebc1d4e272da9f1b17b8729de2289a31da3e |
SHA512: | 9c4201cf59f67abaadcf6cc937eb8348220b0a67339cb39fa349550897db8532eb795a8c249e1a3ce81d5454558c9cd0fe64876c86a0296aebff929af9fcaedb |
SSDEEP: | 24576:JKWmHNSyAZ0F17OhsB4GMBXZ1SMP8NzzHLzevHOGMUxyPEu:JM7oWypulzHLzevuGmPEu |
TLSH: | 1555230BBAC2DB42E8A755B4DD939D6522083F016B0AC55733847B6A773D230D7A3B1E |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-03-24 01:30:09 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.3020681057018666 |
Base64 Encoded: | False |
General | |
Stream Path: | MBD00356DE0/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
General | |
Stream Path: | MBD00356DE0/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 668928 |
Entropy: | 7.977799713326433 |
Base64 Encoded: | True |
General | |
Stream Path: | MBD00356DE1/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 788 |
Entropy: | 4.903728938701706 |
Base64 Encoded: | False |
Data ASCII: | . . . . . a . . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . t . . . e . m . o . b . i . l . i . t . y . . . e . n . e . r . g . y . / . 3 . y . R . D . Y . q . ? . & . b . a . l . a . n . c . e . = . t . e . s . t . e . d . & . c . l . e . a . n . e . r . . . & . F . . J T E l i E . . . O p . . . . > . 9 . . [ . . i . h . < ) c . = . A . F $ . k . l . . # 2 K ! . / k @ . . . . . . . . . . . . . . . . . . . V . 7 . v . G . E . 9 . 6 . H . j . T . L . 9 . g . D . b . I . c |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 610734 |
Entropy: | 7.999428911070794 |
Base64 Encoded: | True |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 531 |
Entropy: | 5.226461353032341 |
Base64 Encoded: | True |
Data ASCII: | I D = " { B 6 A C 0 8 C 9 - 0 9 D E - 4 E 0 8 - A 4 5 A - F 0 7 7 3 E 1 E 5 3 5 4 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 E 9 C 7 3 F 5 9 3 0 D 0 B 1 1 0 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | ThisWorkbook.T.h.i.s.W.o.r.k.b.o.o.k...Sheet1.S.h.e.e.t.1...Sheet2.S.h.e.e.t.2...Sheet3.S.h.e.e.t.3..... |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 4.000746481629967 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.371982954211479 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 7 C i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-24T09:33:31.711934+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | TCP |
2025-03-24T09:33:37.900489+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | TCP |
2025-03-24T09:33:37.900636+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | TCP |
- Total Packets: 247
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 24, 2025 09:33:33.470999956 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.471071959 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.471088886 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.471123934 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.471123934 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.491900921 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.491925955 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.491971970 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.491988897 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.492079020 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.509690046 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.509711981 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.509809971 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.509809971 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.509825945 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.509875059 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.526063919 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.526081085 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.526120901 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.526135921 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.526174068 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.526335955 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.548226118 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.548247099 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.548322916 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.548338890 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.548481941 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.565531969 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.565552950 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.565628052 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.565640926 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.565664053 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.565735102 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.588275909 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.588294029 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.588398933 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.588416100 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.588465929 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.588465929 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.605473042 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.605499029 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.605567932 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.605597019 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.606688976 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.621047020 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.621074915 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.621167898 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.621186018 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.621196032 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.621274948 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.724956036 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.724983931 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725045919 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725059032 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725074053 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725106001 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725106001 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725136042 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725140095 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725157976 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725172997 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725184917 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725184917 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725224018 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725251913 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725258112 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725270033 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725291967 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725313902 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725317955 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725327969 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725346088 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725380898 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725380898 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.725390911 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.725471020 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.733774900 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.733793020 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.733875990 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.733889103 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.733937025 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.766953945 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.766979933 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.767071009 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.767071009 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.767088890 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.767129898 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795046091 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795069933 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795115948 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795118093 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795133114 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795154095 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795192957 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795198917 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795214891 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795242071 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795289040 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795588970 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795588970 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:33.795604944 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:33.795613050 CET | 443 | 49701 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.606143951 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.606197119 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.606507063 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.606709957 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.606719017 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.607973099 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.608012915 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.608146906 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.608300924 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.608309984 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.899725914 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.899859905 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.900489092 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.900516033 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.900635958 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.900665998 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.901477098 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.901484966 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:37.902105093 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:37.902112007 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.090267897 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.090291023 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.090353012 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.090372086 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.090483904 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.090733051 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.090733051 CET | 49703 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.090756893 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.090768099 CET | 443 | 49703 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.092942953 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.093271971 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.096581936 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.099214077 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.099214077 CET | 49702 | 443 | 192.168.2.9 | 13.107.246.40 |
Mar 24, 2025 09:33:38.099236965 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:33:38.099242926 CET | 443 | 49702 | 13.107.246.40 | 192.168.2.9 |
Mar 24, 2025 09:34:14.661489964 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Mar 24, 2025 09:34:15.114818096 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Mar 24, 2025 09:34:16.004935980 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Mar 24, 2025 09:34:17.770670891 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Mar 24, 2025 09:34:21.301888943 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Mar 24, 2025 09:34:28.348764896 CET | 49700 | 80 | 192.168.2.9 | 217.154.55.185 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 24, 2025 09:33:17.831415892 CET | 59433 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 24, 2025 09:33:17.958359957 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.9 |
Mar 24, 2025 09:33:31.287343979 CET | 62267 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 24, 2025 09:33:31.391124964 CET | 53 | 62267 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 24, 2025 09:33:17.831415892 CET | 192.168.2.9 | 1.1.1.1 | 0xbaf7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 24, 2025 09:33:31.287343979 CET | 192.168.2.9 | 1.1.1.1 | 0x2500 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.182.96 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.175.186.85 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.136.87 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.175.170.196 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.134.210 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.175.186.87 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.183.76 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.136.170 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.183.74 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | 43.152.135.101 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:17.958359957 CET | 1.1.1.1 | 192.168.2.9 | 0xbaf7 | No error (0) | host1.emobility.energy | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:17.958359957 CET | 1.1.1.1 | 192.168.2.9 | 0xbaf7 | No error (0) | 162.19.137.157 | A (IP address) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49687 | 43.152.182.96 | 80 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 24, 2025 09:32:27.248343945 CET | 287 | OUT | |
Mar 24, 2025 09:32:27.350023985 CET | 303 | IN | |
Mar 24, 2025 09:32:27.407335997 CET | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.9 | 49689 | 43.152.182.96 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 24, 2025 09:32:28.575257063 CET | 196 | OUT | |
Mar 24, 2025 09:32:28.674036980 CET | 388 | IN | |
Mar 24, 2025 09:32:28.674077988 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674209118 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674576044 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674591064 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674644947 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674658060 CET | 1254 | IN | |
Mar 24, 2025 09:32:28.674665928 CET | 272 | IN | |
Mar 24, 2025 09:32:28.727093935 CET | 1 | IN | |
Mar 24, 2025 09:32:28.776071072 CET | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49700 | 217.154.55.185 | 80 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 24, 2025 09:33:18.919820070 CET | 267 | OUT | |
Mar 24, 2025 09:33:19.090862989 CET | 1254 | IN | |
Mar 24, 2025 09:33:19.090887070 CET | 1254 | IN | |
Mar 24, 2025 09:33:19.090900898 CET | 1254 | IN | |
Mar 24, 2025 09:33:19.090913057 CET | 1254 | IN | |
Mar 24, 2025 09:33:19.090928078 CET | 1017 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49699 | 162.19.137.157 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-24 08:33:18 UTC | 226 | OUT | |
2025-03-24 08:33:18 UTC | 621 | IN | |
2025-03-24 08:33:18 UTC | 119 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-24 08:33:31 UTC | 226 | OUT | |
2025-03-24 08:33:32 UTC | 500 | IN | |
2025-03-24 08:33:32 UTC | 15884 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN | |
2025-03-24 08:33:32 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-24 08:33:37 UTC | 214 | OUT | |
2025-03-24 08:33:38 UTC | 491 | IN | |
2025-03-24 08:33:38 UTC | 204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-24 08:33:37 UTC | 214 | OUT | |
2025-03-24 08:33:38 UTC | 494 | IN | |
2025-03-24 08:33:38 UTC | 2128 | IN |
Target ID: | 0 |
Start time: | 04:32:21 |
Start date: | 24/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb60000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 04:33:17 |
Start date: | 24/03/2025 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 13'312 bytes |
MD5 hash: | 06B02D5C097C7DB1F109749C45F3F505 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 13 |
Start time: | 04:33:25 |
Start date: | 24/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e080000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 16 |
Start time: | 04:33:43 |
Start date: | 24/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb60000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |