Windows
Analysis Report
Inquiry-140-120.xla.xlsx
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
EXCEL.EXE (PID: 7900 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) splwow64.exe (PID: 4792 cmdline:
C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
EXCEL.EXE (PID: 7308 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\I nquiry-140 -120.xla.x lsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T09:00:39.455612+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | TCP |
2025-04-02T09:00:47.726914+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | TCP |
2025-04-02T09:00:47.731645+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | TCP |
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD004F80F4/\x1Ole' : | ||
Source: | Stream path 'MBD004F80F4/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Window title found: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD004F80F3/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'Package' entropy: | ||
Source: | Stream path 'MBD004F80F3/Package' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
14% | ReversingLabs | |||
15% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
otelrules.svc.static.microsoft | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654281 |
Start date and time: | 2025-04-02 08:58:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Inquiry-140-120.xla.xlsx |
Detection: | MAL |
Classification: | mal52.winXLSX@4/9@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTask Host.exe, audiodg.exe, sppsvc. exe, ShellExperienceHost.exe, WMIADAP.exe, SgrmBroker.exe, c onhost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 184.31.69.3, 52.10 9.8.89, 23.204.23.20, 52.109.1 3.127, 20.42.73.28, 20.50.201. 205, 52.123.128.14, 204.79.197 .222, 172.202.163.200, 40.126. 24.84 - Excluded domains from analysis
(whitelisted): fp.msedge.net, slscr.update.microsoft.com, c us-config.officeapps.live.com, fs-wildcard.microsoft.com.edg ekey.net, fs-wildcard.microsof t.com.edgekey.net.globalredir. akadns.net, e16604.dscf.akamai edge.net, mobile.events.data.m icrosoft.com, roaming.officeap ps.live.com, dual-s-0005-offic e.config.skype.com, ocsp.digic ert.com, login.live.com, offic eclient.microsoft.com, prod.fs .microsoft.com.akadns.net, c.p ki.goog, ecs.office.com, self- events-data.trafficmanager.net , fs.microsoft.com, eus-azsc-0 00.roaming.officeapps.live.com , prod.configsvc1.live.com.aka dns.net, self.events.data.micr osoft.com, ctldl.windowsupdate .com, prod.roaming1.live.com.a kadns.net, fe3cr.delivery.mp.m icrosoft.com, us1.roaming1.liv e.com.akadns.net, config.offic eapps.live.com, us.configsvc1. live.com.akadns.net, onedscolp rdeus15.eastus.cloudapp.azure. com, onedscolprdweu13.westeuro pe.cloudapp.azure.com, ecs.off ice.trafficmanager.net, mobile .events.data.trafficmanager.ne t - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtCreateKey calls foun d. - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadFile calls found . - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Time | Type | Description |
---|---|---|
03:00:40 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.40 | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-0005.dual-s-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-part-0012.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | NetSupport RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
|
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 836 |
Entropy (8bit): | 2.7151910322565733 |
Encrypted: | false |
SSDEEP: | 24:J3fIxk+vpKAk6ScvoGA8xpiOnAvJ5yoIHWK:h3+RfkpcvoGAYcvJ5LIHD |
MD5: | 92A7E6E963E0E668F6585E8694F68380 |
SHA1: | 9CFB8F0EA9A80C54FEBF664E2E8DA3A20C6F5DAE |
SHA-256: | F09EE04026948847263A11CC3D3276A676246EF074A985681DBEF03D76801482 |
SHA-512: | F3E94DC16458B4CE76A18D44360256A233CDF918A34FDB0AB3A85AF5FA3ADEB8B0BBB173CE658D8344939FE77AEB467C04D111A887424A65BA2833897DE3F4E2 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 745472 |
Entropy (8bit): | 7.9436174750117 |
Encrypted: | false |
SSDEEP: | 12288:TQJUmy+LwGY7DpT8Jspn4VEKtXYBY3irsH3E7S8x6e+elaWfGIc6YMRMtTXga:3mNLwGYnJ8JsCVEmUYya07SITTg+RIMe |
MD5: | A08CC53A58B107B83A5F0268CA711283 |
SHA1: | 997A7D4B05F9AD00E5F20A65CB1E8BB39674BC4F |
SHA-256: | 55FA0F92808017BB1EC21725FE1007195B6B843D7AE2249C634806AF21391EE6 |
SHA-512: | 8CE749A83E501F9AAA5DB2D22AC0226160ED73B2F86C657D6300171885649601BCCE0A525365CEF416FACE981AE93629AC6B65156608FFA79693645B23C34CBB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 737792 |
Entropy (8bit): | 7.982848598143179 |
Encrypted: | false |
SSDEEP: | 12288:1QJUmy+LwGY7DpT8Jspn4VEKtXYBY3irsH3E7S8x6e+elaWfGIc6YMRMtTXga:NmNLwGYnJ8JsCVEmUYya07SITTg+RIMe |
MD5: | A1BE5968718141E6B1D26AEF211AEEBE |
SHA1: | 15C33FEACB0B73F97C803E0DF38C4CB84E70941F |
SHA-256: | E9AE3F49686A9BB1254F7719398D3A440201ABD42C0E1D4BB9C3CE4D21DB9512 |
SHA-512: | E6E55B55CAC25A5B309BF5DA4730C2740509EC315CD2771649E734027177A0AB64EB7F03F3E6FF935CAA64FB9D581AF0CFF12D32224559D0A7CA116CAE5A9636 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 981504 |
Entropy (8bit): | 7.985651237978558 |
Encrypted: | false |
SSDEEP: | 24576:imNLwGYnJ8JsCVEmUYya07SITTg+RIMRuvn5ALgMb9g:EGYnJCgma/SeU+RIZMW |
MD5: | B919040241E3A4A930689110BC1BEC59 |
SHA1: | 79281BC061B0C1A7DFCB589C742F42D8120B252F |
SHA-256: | 3CD9C89E032C3DA1FE9943B3204D00558085429C74E92EACCF0D8DD6595B7AE6 |
SHA-512: | 32F330E94B8E07150C8AD1148CBCBD2F0BFF97061E9924D88878299D0B28D198B327F0C65FA7ED8FFCD07B90A86F3FE34B73C54C9C4EC35F9334738A24DDCED1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 981504 |
Entropy (8bit): | 7.985651237978558 |
Encrypted: | false |
SSDEEP: | 24576:imNLwGYnJ8JsCVEmUYya07SITTg+RIMRuvn5ALgMb9g:EGYnJCgma/SeU+RIZMW |
MD5: | B919040241E3A4A930689110BC1BEC59 |
SHA1: | 79281BC061B0C1A7DFCB589C742F42D8120B252F |
SHA-256: | 3CD9C89E032C3DA1FE9943B3204D00558085429C74E92EACCF0D8DD6595B7AE6 |
SHA-512: | 32F330E94B8E07150C8AD1148CBCBD2F0BFF97061E9924D88878299D0B28D198B327F0C65FA7ED8FFCD07B90A86F3FE34B73C54C9C4EC35F9334738A24DDCED1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:KVC+cAmltV:KVC+cR |
MD5: | 9C7132B2A8CABF27097749F4D8447635 |
SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.982236826273992 |
TrID: |
|
File name: | Inquiry-140-120.xla.xlsx |
File size: | 1'208'832 bytes |
MD5: | 184b186803e3cd34f34952ade6ed8f1d |
SHA1: | ae81de594f4f3b1e32eb5e5291fb28c3343a420c |
SHA256: | 9ed36f226beb7031af2c4fc6beea0aa61180d56b4649acda65927c8b2aba7f90 |
SHA512: | 054f22dc598fcaeef2585c53705208d0bf142386c6ab56d847b082948141a802f20a55b3382c3b252bb52a407931156577fcabc9deed647a52ae462b8a057bd3 |
SSDEEP: | 24576:g6gA1jj+NpBQ2Ge9lkaWnBMlss4sFyzF/50Vc865eRuv:g6gAV+/BQzaWnBKPFy5/5oc865eg |
TLSH: | AC452354B8AAD309D21384B191B3C8750A21BDE53A8EC5933BCD7B1D7132574BB9BC2E |
File Content Preview: | ........................>.......................................................................................................}...............a.............................................................................................................. |
Icon Hash: | 35e58a8c0c8a85b9 |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2025-04-02 03:17:45 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 e1 18 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . : . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 b2 3a 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . p 1 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 70 31 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I . " . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 49 13 a5 22 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.292068105701867 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . h } . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD004F80F3/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD004F80F3/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 758888 |
Entropy: | 7.989909275240376 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . 9 | . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 db 39 7c be ae 01 00 00 0e 06 00 00 13 00 d4 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d0 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD004F80F4/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 846 |
Entropy: | 4.283897110500678 |
Base64 Encoded: | False |
Data ASCII: | . . . . ? k G . 3 . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . L . i . n . k . e . d . i . n . d . f . k . s . d . j . k . f . w . e . i . f . g . j . h . d . f . h . g . j . u . h . u . e . g . f . d . j . g . h . j . f . h . j . g . h . d . f . j . g . h . h . u . h . f . d . g . j . h . j . f . h . g . g . j . h . f . g . u . h . d . f . j . g . j . f . f . h . j . h . g . h . j . v . c . u . b . r . e . j . h . h . . . d . O . C . @ . k . u . h . l . i . n . k . s |
Data Raw: | 01 00 00 02 ff 3f 6b 47 a8 b0 00 33 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 14 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 4c 00 69 00 6e 00 6b 00 65 00 64 00 69 00 6e 00 64 00 66 00 6b 00 73 00 64 00 6a 00 6b 00 66 00 77 00 65 00 69 00 66 00 67 00 6a 00 68 00 64 00 66 00 68 00 67 00 6a 00 75 00 68 00 75 00 65 00 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 425943 |
Entropy: | 7.999116372245071 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . . " * j : _ h . . ~ ; % ~ . _ S . & $ . > = A . . . . . . . . . . . . . \\ . p . 9 . . . ] C . | g . S = . e C . p . @ . c , . [ . . c . . Z ` . a . Y > * . / 4 } X . . . . . c + & l 6 . . w b - 2 . B . . . E a . . . < . . . = . . . 3 . Z . . . . . X . . p : . . . . . . . . . . . . . . . . . . K . . . $ . . . _ . = . . . U g f 4 < c . Z G . @ . . . F . . . . " . . . . . . . . . y . . . . . . Z 1 . . . ? z . * K . . Y . V . C 3 J . _ C 1 . . . . M . _ . _ |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 0c 96 22 2a a1 f9 6a 3a a5 a7 5f d6 68 08 f4 18 c1 f2 c1 ad 7e 3b 25 9e 7e a8 ad b0 a1 b5 cd ca 9c 88 e9 5f 86 bd 53 0d 26 fd 24 01 3e 84 3d 41 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 b0 f1 e2 00 00 00 5c 00 70 00 39 b3 83 9c 9c 10 f9 9b c7 11 d3 8f 5d 43 dd 1a 7c 67 8c 05 53 3d d0 97 b3 94 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 517 |
Entropy: | 5.22331819792307 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 4 0 A 3 7 9 4 A - 6 2 D 4 - 4 9 F 2 - 8 6 1 E - B F F 3 8 6 B 5 0 5 1 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " B 1 B 3 6 0 8 0 6 4 8 0 6 4 8 0 6 |
Data Raw: | 49 44 3d 22 7b 34 30 41 33 37 39 34 41 2d 36 32 44 34 2d 34 39 46 32 2d 38 36 31 45 2d 42 46 46 33 38 36 42 35 30 35 31 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.9805586022967634 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.3664341854159625 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 9 . j . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 ee 39 04 6a 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T09:00:39.455612+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | TCP |
2025-04-02T09:00:47.726914+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | TCP |
2025-04-02T09:00:47.731645+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | TCP |
- Total Packets: 199
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 09:00:39.160722971 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.160775900 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.160866976 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.161250114 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.161273956 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.455528021 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.455611944 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.457206011 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.457222939 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.457437992 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.459184885 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.500272036 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.725833893 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.725869894 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.725889921 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.725943089 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.725970984 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.725986004 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.726310015 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.752712965 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.752737045 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.752819061 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.752836943 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.752974987 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.824959040 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.824980021 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.825102091 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.825123072 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.825356007 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.841097116 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.841115952 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.841187954 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.841203928 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.841253996 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.860543013 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.860562086 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.860626936 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:39.860641956 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:39.860780001 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.445467949 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.445503950 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.445538044 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.445568085 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.445600986 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.445619106 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.445641041 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.627140999 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.627173901 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.627396107 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.627418041 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.627521992 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.717622042 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.717649937 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.717840910 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.717860937 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.717905998 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.759006023 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.759032011 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.759144068 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.759166956 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.759371996 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.847248077 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.847274065 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.847337961 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.847373009 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.847392082 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.847585917 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.887366056 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.887388945 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.887487888 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.887511969 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.887705088 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.925554037 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.925575018 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.925668955 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.925688982 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.925890923 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.965435028 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.965455055 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.965506077 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.965526104 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:40.965543985 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:40.965688944 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.005116940 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.005141020 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.005206108 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.005233049 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.010965109 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.044848919 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.044874907 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.044912100 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.044929028 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.044946909 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.044970989 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.078670979 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.078687906 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.078775883 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.078797102 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.078845024 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.121968031 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.121989965 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.122061968 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.122061968 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.122091055 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.122193098 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.152697086 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.152712107 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.152775049 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.152795076 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.153206110 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.192329884 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.192352057 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.192394972 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.192420959 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.192439079 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.193172932 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.229391098 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.229418993 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.229454994 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.229470968 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.229489088 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.229506016 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.257812023 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.257837057 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.257874966 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.257889032 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.257915974 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.257932901 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.296384096 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.296401024 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.296458960 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.296478033 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.297512054 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.328433037 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.328459978 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.328510046 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.328531981 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.328548908 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.329379082 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.358916044 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.358939886 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.359023094 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.359039068 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.359186888 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.407442093 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.407464027 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.407545090 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.407565117 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.411201000 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.442888021 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.442905903 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.442972898 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.442987919 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.443136930 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.474781036 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.474809885 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.474925041 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.474946976 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.475132942 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.511552095 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.511574030 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.511645079 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.511667013 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.515193939 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.542898893 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.542922974 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.543014050 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.543030977 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.543183088 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.674082994 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674107075 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674190044 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.674196005 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674213886 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674237967 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674252987 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.674290895 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.674303055 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674324036 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674387932 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.674397945 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.674669981 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.675059080 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.675080061 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.675122976 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.675136089 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.675151110 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.675170898 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.722085953 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.722115993 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.722173929 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.722196102 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.722230911 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.722242117 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.766336918 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.766359091 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.766449928 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.766470909 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.766669989 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.819315910 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.819339037 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.819451094 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.819477081 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.821376085 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.861505032 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.861526966 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.861612082 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.861635923 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.863737106 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.909514904 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.909554005 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.909584045 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.909605026 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.909624100 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.909643888 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.951719999 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.951771975 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.951833963 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:41.951855898 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:41.951913118 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.000468969 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.000509977 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.000561953 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.000590086 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.000607967 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.001240015 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.037040949 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.037064075 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.037152052 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.037175894 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.037508011 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.077279091 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.077301025 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.077347994 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.077369928 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.077387094 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.077423096 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.124032974 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.124058962 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.124102116 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.124124050 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.124140978 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.124171019 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.155426025 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.155451059 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.155494928 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.155517101 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.155534983 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.155632973 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.200876951 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.200901985 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.200942039 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.200964928 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.200983047 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.201004028 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.235341072 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.235363960 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.235404015 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.235425949 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.235441923 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.235457897 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.277848959 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.277874947 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.277916908 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.277935982 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.277954102 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.277971029 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.322227955 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.322251081 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.322926998 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.322926998 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.322947979 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.322993040 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.357904911 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.357925892 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.357984066 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.358002901 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.358031988 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.358048916 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.402203083 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.402230024 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.402280092 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.402301073 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.402317047 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.402335882 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.434741974 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.434799910 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.434818029 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.434838057 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.434864998 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.434880972 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.475104094 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.475132942 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.475178957 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.475199938 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.475215912 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.475236893 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.514435053 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.514466047 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.514519930 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.514540911 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.514569044 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.514586926 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.549978018 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.550005913 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.550054073 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.550075054 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.550096035 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.550112009 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.596533060 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.596554995 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.596622944 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.596643925 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.596671104 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.596693039 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.628766060 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.628789902 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.628859997 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.628879070 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.628900051 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.628916025 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.664051056 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.664074898 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.664165020 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.664182901 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.664268970 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.708233118 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.708272934 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.708331108 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.708353996 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.708380938 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.708396912 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.739595890 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.739619017 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.739703894 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.739726067 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.739768982 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.784277916 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.784300089 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.784356117 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.784377098 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.784395933 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.784416914 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.816138983 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.816159964 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.816230059 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.816250086 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.816278934 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.816910982 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.853430033 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.853451967 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.853491068 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.853512049 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.853530884 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.853549957 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.897433043 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.897454023 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.897526026 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.897555113 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.897571087 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.897767067 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.928711891 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.928735018 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.928807974 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.928831100 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.928844929 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.928965092 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.973792076 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.973813057 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.973855019 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.973875999 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:42.973891973 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:42.974170923 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.005805016 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.005829096 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.005862951 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.005881071 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.005894899 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.005947113 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.039280891 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.039303064 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.039372921 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.039402008 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.039417982 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.039437056 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081068039 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081091881 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081141949 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081176996 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081196070 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081219912 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081228018 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081269026 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081465960 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081485033 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:43.081496954 CEST | 49729 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:43.081502914 CEST | 443 | 49729 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.447171926 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.447240114 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.447554111 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.449047089 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.449106932 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.449359894 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.449371099 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.449378014 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.449506998 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.449522018 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.725908995 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.726913929 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.726937056 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.727235079 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.727247953 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.731184006 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.731645107 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.731664896 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.732419968 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.732424974 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.955704927 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.955761909 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.955811024 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.955826044 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.955883980 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:47.955925941 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.959449053 CEST | 49730 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:47.959470987 CEST | 443 | 49730 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:48.220447063 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:48.220535040 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:48.220597982 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:48.221060991 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:48.221086025 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Apr 2, 2025 09:00:48.221098900 CEST | 49731 | 443 | 192.168.2.4 | 13.107.246.40 |
Apr 2, 2025 09:00:48.221103907 CEST | 443 | 49731 | 13.107.246.40 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 09:00:39.056611061 CEST | 52199 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 2, 2025 09:00:39.159657955 CEST | 53 | 52199 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 09:00:39.056611061 CEST | 192.168.2.4 | 1.1.1.1 | 0xf430 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | s-0005.dual-s-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | 52.123.128.14 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 08:59:34.794379950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb6ba | No error (0) | 52.123.129.14 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 2, 2025 09:00:39.159657955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf430 | No error (0) | 13.107.246.40 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49729 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 07:00:39 UTC | 226 | OUT | |
2025-04-02 07:00:39 UTC | 493 | IN | |
2025-04-02 07:00:39 UTC | 15891 | IN | |
2025-04-02 07:00:39 UTC | 16384 | IN | |
2025-04-02 07:00:39 UTC | 16384 | IN | |
2025-04-02 07:00:39 UTC | 16384 | IN | |
2025-04-02 07:00:39 UTC | 16384 | IN | |
2025-04-02 07:00:40 UTC | 16384 | IN | |
2025-04-02 07:00:40 UTC | 16384 | IN | |
2025-04-02 07:00:40 UTC | 16384 | IN | |
2025-04-02 07:00:40 UTC | 16384 | IN | |
2025-04-02 07:00:40 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49730 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 07:00:47 UTC | 214 | OUT | |
2025-04-02 07:00:47 UTC | 515 | IN | |
2025-04-02 07:00:47 UTC | 2128 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49731 | 13.107.246.40 | 443 | 7900 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 07:00:47 UTC | 214 | OUT | |
2025-04-02 07:00:48 UTC | 491 | IN | |
2025-04-02 07:00:48 UTC | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 02:59:24 |
Start date: | 02/04/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x40000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 18 |
Start time: | 03:00:40 |
Start date: | 02/04/2025 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f45b0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 23 |
Start time: | 03:00:51 |
Start date: | 02/04/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x40000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |