Windows
Analysis Report
quotation_1.xlsx
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 6520 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) splwow64.exe (PID: 7464 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
INDICATOR_XML_LegacyDrawing_AutoLoad_Document | detects AutoLoad documents using LegacyDrawing | ditekSHen |
|
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-25T12:49:11.943370+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49699 | 13.107.246.72 | 443 | TCP |
2025-03-25T12:49:18.784945+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49700 | 13.107.246.72 | 443 | TCP |
2025-03-25T12:49:18.785006+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49701 | 13.107.246.72 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | Virustotal | Browse | ||
71% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882 | ||
100% | Avira | EXP/CVE-2017-11882.Gen |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
s-part-0044.t-0009.t-msedge.net | 13.107.246.72 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.72 | s-part-0044.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647954 |
Start date and time: | 2025-03-25 12:46:29 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | quotation_1.xlsx |
Detection: | MAL |
Classification: | mal64.winXLSX@3/2@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, SIHClient.exe, SgrmBrok er.exe, conhost.exe, svchost.e xe - Excluded IPs from analysis (wh
itelisted): 52.109.0.91, 184.3 1.69.3, 52.109.16.112, 199.232 .214.172, 52.168.117.168, 52.1 23.129.14, 40.126.24.84, 4.175 .87.197 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, fs-wildcard.micr osoft.com.edgekey.net, fs-wild card.microsoft.com.edgekey.net .globalredir.akadns.net, e1660 4.dscf.akamaiedge.net, osiprod -ncus-buff-azsc-000.northcentr alus.cloudapp.azure.com, ncus- azsc-000.roaming.officeapps.li ve.com, roaming.officeapps.liv e.com, dual-s-0005-office.conf ig.skype.com, login.live.com, wus-azsc-config.officeapps.liv e.com, officeclient.microsoft. com, prod.fs.microsoft.com.aka dns.net, c.pki.goog, wu-b-net. trafficmanager.net, ecs.office .com, self-events-data.traffic manager.net, fs.microsoft.com, ctldl.windowsupdate.com.deliv ery.microsoft.com, prod.config svc1.live.com.akadns.net, self .events.data.microsoft.com, ct ldl.windowsupdate.com, prod.ro aming1.live.com.akadns.net, fe 3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns. net, config.officeapps.live.co m, us.configsvc1.live.com.akad ns.net, onedscolprdeus07.eastu s.cloudapp.azure.com, ecs.offi ce.trafficmanager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
07:49:06 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.72 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | XRed | Browse | |||
Get hash | malicious | Quasar | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-part-0044.t-0009.t-msedge.net | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | XRed | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Invisible JS, Tycoon2FA | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.3520167401771568 |
Encrypted: | false |
SSDEEP: | 3:qs/FFyGff:qsyWf |
MD5: | 5C22367453CA7CD5BD7CA96C4FD55742 |
SHA1: | FC7428D064740B4E331D57098AF028AA26FBC1AE |
SHA-256: | F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543 |
SHA-512: | BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.998552885008379 |
TrID: |
|
File name: | quotation_1.xlsx |
File size: | 1'614'337 bytes |
MD5: | d605ac3af2f2df976d97079ad4403230 |
SHA1: | a0418b45d8b5d26f4df1b773276983c969ca04b6 |
SHA256: | ff7eab60677d54572eecafca54c450d04aa49462ec7f71f44f0af67268ae8312 |
SHA512: | cf5433b5fc95750484bfed8f3ab84751fcaed98bba80518d918e6fe4a6ff2dc8362a3647e07cf91e333675f71b86913ec09a99c726863845727bc33e4532e3ca |
SSDEEP: | 24576:eioOz5APfi+5wWmqbPfX5kEywTE8zKFemyGOt2/yySP00Ivth66Gdqg71g:eyz5AHRrPP5dyGnm9Ot2xrur71g |
TLSH: | F275336DA27C4848DA3CA53BD28C152EC95D2984F45C905E3BB432FE58D9C0BF2749EE |
File Content Preview: | PK.........-yZ7.......c.......[Content_Types].xmlUT....A.g.A.g.A.g.U.N.1......n.S.....B..B"~@i/P........A01a".D7.L........K.-!D.l.Zy.e`.S.N..6zl..,..J.g.`........6.bFh..6C.w.G9.R..y.43q..H.a...s1..n6o.t..b....v.d h..P.|.%....Hl...r.c......&.7Z.$.|i.....L. |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2022-11-18T02:05:27Z |
Last Saved Time: | 2022-11-18T02:07:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
General | |
Stream Path: | \x1OLe10NatiVE |
CLSID: | |
File Type: | data |
Stream Size: | 1867055 |
Entropy: | 7.558757514744515 |
Base64 Encoded: | True |
Data ASCII: | _ . . F . I . . F $ . u _ I N / _ u . w = o @ 1 P . M s . - ' d . @ . . v . f . h P . : s S @ _ ? 5 W D s 4 Z k 4 ; . { . . . . s . . n : . d . . . - n H . . . 9 . Z [ . b X : h . . ' / H X . % 0 0 Z C . M J ? . w . 5 % h d b @ H j S y . h . . K . S l . = # - 9 1 . F ; . ? . . X . # . D ; ^ . N . . C I R k } . . N a ' . u o . 0 / . [ ; ] . ; T l R - . } M . ' q . . . R D . . P 8 . % . . ] _ q g . ! U z 1 < . . . . Y M . . . . . c f n 1 . . ] . L H . . , B . a . U W # b . r 4 b | ) k . . F a . d . X r . / |
Data Raw: | 5f 82 e1 04 03 46 17 49 fb 8d 01 08 46 24 bd 9a 0b 75 5f 81 ed 49 4e 2f 5f 8b 75 eb 8b 06 b9 f0 e7 77 3d 81 e1 b5 6f ce 40 8b 31 50 ff d6 05 4d b2 73 0b 2d 27 87 64 0b ff e0 e7 e4 40 00 1a 91 ed eb ec 76 d6 1b 80 66 a3 1d 68 b7 50 02 a1 9d 3a 73 53 f2 9a 40 8c 5f 3f 35 57 e6 f2 44 73 34 5a 20 6b 34 bc e8 3b d3 1f cf 7b 03 08 0c 16 b4 dc 73 09 0d b2 6e 3a fa 01 df e1 64 90 e9 1c a8 |
General | |
Stream Path: | 02Gmz |
CLSID: | |
File Type: | empty |
Stream Size: | 0 |
Entropy: | 0.0 |
Base64 Encoded: | False |
Data ASCII: | |
Data Raw: |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-25T12:49:11.943370+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49699 | 13.107.246.72 | 443 | TCP |
2025-03-25T12:49:18.784945+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49700 | 13.107.246.72 | 443 | TCP |
2025-03-25T12:49:18.785006+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49701 | 13.107.246.72 | 443 | TCP |
- Total Packets: 192
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2025 12:49:11.650573969 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.650609016 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:11.650701046 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.651106119 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.651122093 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:11.943253040 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:11.943370104 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.948443890 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.948461056 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:11.948720932 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:11.950035095 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:11.996268988 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.208476067 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.208498001 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.208513021 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.208612919 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.208641052 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.208693981 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.237974882 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.238008976 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.238063097 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.238075972 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.238111019 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.238132954 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.307492018 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.307542086 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.307604074 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.307619095 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.307648897 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.307668924 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.324843884 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.324862957 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.324908972 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.324925900 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.324939966 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.324961901 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.350013018 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.350033998 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.350117922 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.350133896 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.350289106 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.407489061 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.407517910 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.407589912 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.407603979 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.407639980 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.407656908 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.438123941 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.438149929 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.438275099 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.438275099 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.438287973 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.438644886 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.482567072 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.482597113 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.482702971 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.482717991 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.483625889 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.508390903 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.508413076 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.508480072 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.508491039 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.508548975 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.536485910 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.536505938 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.536590099 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.536601067 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.536639929 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.578994036 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.579020023 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.579133034 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.579139948 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.579184055 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.604468107 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.604491949 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.604573965 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.604581118 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.604626894 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.630108118 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.630127907 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.630209923 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.630218029 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.630270004 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.664839029 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.664866924 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.664937019 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.664946079 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.664999962 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.694467068 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.694530010 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.694564104 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.694570065 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.694628000 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.719170094 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.719196081 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.719289064 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.719296932 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.719341993 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.754457951 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.754508018 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.754595041 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.754604101 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.754648924 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.777903080 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.777925014 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.777995110 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.778003931 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.778244019 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.804440975 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.804466009 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.804655075 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.804682970 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.805035114 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.829588890 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.829627991 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.829699993 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.829711914 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.829765081 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.860846043 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.860874891 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.860939980 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.860950947 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.860969067 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.860991001 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.887216091 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.887239933 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.887295961 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.887304068 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.887336969 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.887356043 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.909257889 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.909279108 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.909326077 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.909332991 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.909368038 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.909387112 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.940078974 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.940114975 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.940208912 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.940208912 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.940217972 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.940264940 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.965970993 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.965989113 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.966037035 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.966042995 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.966077089 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.966077089 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.986779928 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.986802101 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.986855984 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.986861944 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:12.986886024 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:12.986896992 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.009746075 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.009773970 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.009818077 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.009835005 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.009845972 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.009913921 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.034598112 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.034616947 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.034668922 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.034677982 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.034748077 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.034748077 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.059921026 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.059937000 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.060004950 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.060014009 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.060108900 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.084218979 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.084237099 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.084302902 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.084310055 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.084340096 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.084361076 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.103771925 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.103794098 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.103852034 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.103859901 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.103987932 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.130697966 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.130717993 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.130800009 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.130808115 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.130887985 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.152430058 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.152451038 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.152539968 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.152558088 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.152667999 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.174000978 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.174030066 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.174118996 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.174128056 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.174241066 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.196553946 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.196588039 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.196664095 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.196671963 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.196752071 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.217130899 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.217158079 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.217251062 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.217266083 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.218091011 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.242163897 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.242186069 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.242301941 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.242314100 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.242503881 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.259066105 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.259103060 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.259140968 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.259147882 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.259191990 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.279366970 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.279393911 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.279488087 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.279501915 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.281203985 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.304503918 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.304548025 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.304672003 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.304681063 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.304722071 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.322751999 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.322772026 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.322890997 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.322899103 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.322943926 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.345330000 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.345351934 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.345438004 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.345454931 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.346291065 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.367124081 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.367185116 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.367280006 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.367290974 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.367340088 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.386519909 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.386571884 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.386620045 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.386636972 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.386663914 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.386677027 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.403429031 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.403460026 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.403515100 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.403522968 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.403556108 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.403569937 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.422255993 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.422282934 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.422367096 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.422379017 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.424309969 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.442966938 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.442991018 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.443077087 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.443084955 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.444312096 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.461617947 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.461642027 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.461714029 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.461721897 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.464314938 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.481044054 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.481082916 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.481127977 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.481153011 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.481170893 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.481193066 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.500055075 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.500083923 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.500180960 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.500193119 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.500299931 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.517519951 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.517540932 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.517616987 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.517632961 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.520319939 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.540568113 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.540587902 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.540642023 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.540651083 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.540703058 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.555191040 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.555212021 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.555315971 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.555315971 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.555327892 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.555373907 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.573863029 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.573885918 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.573987007 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.573998928 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.574050903 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.590614080 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.590632915 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.590676069 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.590687037 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.590699911 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.590727091 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.610233068 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.610259056 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.610348940 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.610348940 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.610363007 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.610424042 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.628062963 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.628093958 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.628142118 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.628149986 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.628179073 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.628197908 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.642740965 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.642756939 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.642812014 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.642826080 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.642872095 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.642872095 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.662307978 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.662365913 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.662393093 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.662408113 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.662426949 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.662446022 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.680011034 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.680058002 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.680083036 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.680092096 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.680119991 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.680141926 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.696588039 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.696638107 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.696676016 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.696683884 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.696743965 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.711899042 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.711968899 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.711999893 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.712025881 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.712059021 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.712079048 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.731055021 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.731103897 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.731134892 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.731148958 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.731179953 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.731210947 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.743606091 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.743653059 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.743679047 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.743685961 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.743717909 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.743741035 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.764961958 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.764993906 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.765039921 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.765049934 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.765079975 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.765095949 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.779612064 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.779659033 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.779695034 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.779706001 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.779743910 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.779752970 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.793411970 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.793457031 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.793498039 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.793531895 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.793550968 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.793595076 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.811553955 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.811604023 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.811666012 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.811686993 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.811708927 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.811772108 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.811777115 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.811885118 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:13.812113047 CET | 49699 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:13.812134027 CET | 443 | 49699 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.496273994 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.496288061 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.496310949 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.496332884 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.496658087 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.496658087 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.496682882 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.497090101 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.497090101 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.497124910 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.774254084 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.781908989 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.784945011 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.784962893 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.785006046 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.785064936 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.786015034 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.786020994 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.786741018 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.786746025 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.958801031 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.958832979 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.958900928 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.959177017 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.959177017 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.968333960 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.968416929 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.968734980 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.970709085 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.970730066 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.971565008 CET | 49700 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.971571922 CET | 443 | 49700 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.972177029 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.972177029 CET | 49701 | 443 | 192.168.2.9 | 13.107.246.72 |
Mar 25, 2025 12:49:18.972206116 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Mar 25, 2025 12:49:18.972218990 CET | 443 | 49701 | 13.107.246.72 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 25, 2025 12:49:11.551714897 CET | 60248 | 53 | 192.168.2.9 | 1.1.1.1 |
Mar 25, 2025 12:49:11.649427891 CET | 53 | 60248 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 25, 2025 12:49:11.551714897 CET | 192.168.2.9 | 1.1.1.1 | 0x437f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 25, 2025 12:48:06.952687979 CET | 1.1.1.1 | 192.168.2.9 | 0xbf4b | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 12:48:06.952687979 CET | 1.1.1.1 | 192.168.2.9 | 0xbf4b | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 12:48:06.952687979 CET | 1.1.1.1 | 192.168.2.9 | 0xbf4b | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 12:48:08.173356056 CET | 1.1.1.1 | 192.168.2.9 | 0xf664 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 12:48:08.173356056 CET | 1.1.1.1 | 192.168.2.9 | 0xf664 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 25, 2025 12:49:11.649427891 CET | 1.1.1.1 | 192.168.2.9 | 0x437f | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 12:49:11.649427891 CET | 1.1.1.1 | 192.168.2.9 | 0x437f | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 12:49:11.649427891 CET | 1.1.1.1 | 192.168.2.9 | 0x437f | No error (0) | shed.dual-low.s-part-0044.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 12:49:11.649427891 CET | 1.1.1.1 | 192.168.2.9 | 0x437f | No error (0) | s-part-0044.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 25, 2025 12:49:11.649427891 CET | 1.1.1.1 | 192.168.2.9 | 0x437f | No error (0) | 13.107.246.72 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49699 | 13.107.246.72 | 443 | 6520 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 11:49:11 UTC | 226 | OUT | |
2025-03-25 11:49:12 UTC | 493 | IN | |
2025-03-25 11:49:12 UTC | 15891 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN | |
2025-03-25 11:49:12 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49700 | 13.107.246.72 | 443 | 6520 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 11:49:18 UTC | 214 | OUT | |
2025-03-25 11:49:18 UTC | 470 | IN | |
2025-03-25 11:49:18 UTC | 204 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49701 | 13.107.246.72 | 443 | 6520 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-25 11:49:18 UTC | 214 | OUT | |
2025-03-25 11:49:18 UTC | 515 | IN | |
2025-03-25 11:49:18 UTC | 2128 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 07:48:02 |
Start date: | 25/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7f0000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 07:49:06 |
Start date: | 25/03/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6798f0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |