Windows
Analysis Report
11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- EXCEL.EXE (PID: 808 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3) - AcroRd32.exe (PID: 848 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroR d32.exe" - Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817) - RdrCEF.exe (PID: 3268 cmdline:
"C:\Progra m Files (x 86)\Adobe\ Acrobat Re ader DC\Re ader\AcroC EF\RdrCEF. exe" --bac kgroundcol or=1651404 3 MD5: 326A645391A97C760B60C558A35BB068)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_MalDoc_4 | Yara detected MalDoc | Joe Security |
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Software Vulnerabilities |
---|
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Networking |
---|
Source: | File source: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Source: | OLE: | ||
Source: | OLE: | ||
Source: | OLE: |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, VBA macros: |
Source: | Stream path 'MBD0004D5A8/\x1Ole' : | ||
Source: | Stream path 'MBD0004D5A8/\x1Ole' : |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'MBD0004D5A5/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'MBD0004D5A5/CONTENTS' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 23 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199 | ||
23% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.pop.tg | 172.67.206.230 | true | false |
| unknown |
pop.tg | 172.67.206.230 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false |
| unknown | |
false | unknown | ||
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.206.230 | www.pop.tg | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427894 |
Start date and time: | 2024-04-18 10:16:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls |
Detection: | MAL |
Classification: | mal88.troj.expl.winXLS@10/28@2/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 64.233.185.95, 142.251.15.94
- Excluded domains from analysis (whitelisted): fonts.googleapis.com, fonts.gstatic.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:18:05 | API Interceptor | |
10:18:21 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.206.230 | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
pop.tg | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | RisePro Stealer | Browse |
| |
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Havoc | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Havoc | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Hidden Macro 4.0 | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
|
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 270336 |
Entropy (8bit): | 0.0018811398465979306 |
Encrypted: | false |
SSDEEP: | 3:MsEllllkEthXllkl2zE+/TY/l:/M/xT02zLYt |
MD5: | 6E2A737C14F919D2BE333FB90C1A82E9 |
SHA1: | 88864F93AFBFC9E8CA24A07096019E973BD944A2 |
SHA-256: | 49A0E50E9A772AED83DCE1A89A06757CA279FF99013B73D1FF97149D1F33DFBE |
SHA-512: | C002D68484D0C8BF92D7A56A220E66BC9A63A5F24419F779FCB6FEC7B991E0DDA7AF8BECEF588CAE88C4C930914ED3E18EC70C3284C6912EC574D442ED091A82 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.220870716759954 |
Encrypted: | false |
SSDEEP: | 6:sm2oN+q2PP2nKuAl9OmbnIFUt8zm2mxZZmw+zm2mxNVkwOP2nKuAl9OmbjLJ:ZivWHAahFUt8STxZ/+STxz57HAaSJ |
MD5: | 5B509FC62858D2C47DF43BFE05234F4E |
SHA1: | 5ECEA9C9779B46C32AF46058ECF7185560AF2968 |
SHA-256: | B9BCB0D6A8299BE2AE89371A9FF9C3037552CEB1B33A184182F69A76B07EE98E |
SHA-512: | 859DC316BD353AE89BA9254B8E2CE145A853685FAEA75203FA3DD58B45B19F537CD1720A5B59446B28B3A24D8E8A314BEEDE11026B901BFEBBD949AD8200E1AC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.220870716759954 |
Encrypted: | false |
SSDEEP: | 6:sm2oN+q2PP2nKuAl9OmbnIFUt8zm2mxZZmw+zm2mxNVkwOP2nKuAl9OmbjLJ:ZivWHAahFUt8STxZ/+STxz57HAaSJ |
MD5: | 5B509FC62858D2C47DF43BFE05234F4E |
SHA1: | 5ECEA9C9779B46C32AF46058ECF7185560AF2968 |
SHA-256: | B9BCB0D6A8299BE2AE89371A9FF9C3037552CEB1B33A184182F69A76B07EE98E |
SHA-512: | 859DC316BD353AE89BA9254B8E2CE145A853685FAEA75203FA3DD58B45B19F537CD1720A5B59446B28B3A24D8E8A314BEEDE11026B901BFEBBD949AD8200E1AC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF6beb59.TMP (copy)
Download File
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.220870716759954 |
Encrypted: | false |
SSDEEP: | 6:sm2oN+q2PP2nKuAl9OmbnIFUt8zm2mxZZmw+zm2mxNVkwOP2nKuAl9OmbjLJ:ZivWHAahFUt8STxZ/+STxz57HAaSJ |
MD5: | 5B509FC62858D2C47DF43BFE05234F4E |
SHA1: | 5ECEA9C9779B46C32AF46058ECF7185560AF2968 |
SHA-256: | B9BCB0D6A8299BE2AE89371A9FF9C3037552CEB1B33A184182F69A76B07EE98E |
SHA-512: | 859DC316BD353AE89BA9254B8E2CE145A853685FAEA75203FA3DD58B45B19F537CD1720A5B59446B28B3A24D8E8A314BEEDE11026B901BFEBBD949AD8200E1AC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.005597679101775777 |
Encrypted: | false |
SSDEEP: | 3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l |
MD5: | FD55D575475A6BD81B055F46FA34BA8B |
SHA1: | 289A6344929F221E19D2F9097A5907FE42C03855 |
SHA-256: | 261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB |
SHA-512: | F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128373 |
Entropy (8bit): | 1.984352562880039 |
Encrypted: | false |
SSDEEP: | 384:hNzyk+spBXiosQUYuoB7OdnGbLq+ACtKzZQ9w/fQ1D+v+W2gnHwvAgIEyXG1oJ/J:nUwvgnHwvAP |
MD5: | B4621E956E08FFC84D8E099B27014FEE |
SHA1: | CB4604EED70C03ABADD11C5EF15E566B8A9802E4 |
SHA-256: | 0C42B243A4C3673436D22F0C51033E2306005CDB0CFCB82A849452BD3E741CF7 |
SHA-512: | A99A6769B42241891C83EDD62CD4E4027BBF2F5BC716B4ED01CFDBE7312526C5DA8A3D37EB2D471C0A707952A6D8C9143A921FA7428B9F46105583549540DC47 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\font[1].eot
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26041 |
Entropy (8bit): | 7.968188917443119 |
Encrypted: | false |
SSDEEP: | 768:q10iLiDY00+I1R3X34AlzaJ+AczW1joln:qeiLeI1R3XLoJ+7D |
MD5: | 0DDA638FA7AC576E073516E7DF51B4F0 |
SHA1: | 9D954764CB8B7D39B7A4C0F2752DDFBDEEAF2E02 |
SHA-256: | 16F4B5331B220F76A91EFA43B7DB0D495E156B3A9618CD7635C24128046611B7 |
SHA-512: | E7D931378C13FBF2B345EFA016DF24E93F997FB555F92914E3ABE706E0DE1005F2F1BD5C34358F3D3EFF46A0D6A7DBC62690E6BB948480428EA83D9063CD41BA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\global[1].css
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2265 |
Entropy (8bit): | 5.199586737356704 |
Encrypted: | false |
SSDEEP: | 48:s/vavbYvOAGocZXO6PPCaRm9CiBwUDR8G/sZuDMP+:X+5iXOAm91BsG6P+ |
MD5: | 0475FF16EFBDEFBDC4DD45C7A5216C3B |
SHA1: | D956619256FD9FBDCF8E9257CFBFA6096805AAC6 |
SHA-256: | E0F86E323975A3B20BBE1BBF604A6FA7821ECE79FF13756B61328FEF05FDC5DD |
SHA-512: | 056E388C3CE24C52BE37D7F22CD8F293D7D715F65095626BB9CF515B54DFEC82BD1B73BB7B08DE018EA903C3971F86D46C5620C78CDA4BE6FECAF3956AEAD3A5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\index[1].html
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1670 |
Entropy (8bit): | 4.824629434797592 |
Encrypted: | false |
SSDEEP: | 48:COu/IehmrkCDe83GkjepDYNiNL/BQRNDD:i/IehKkGexkjepDhqRN3 |
MD5: | DBD98101E573BD765570E031127930D9 |
SHA1: | 76D129F7640C58520E1F609421F133343C024990 |
SHA-256: | C51BBC71C359CAD610A6894A4FEAAAA4C9F18F4127EFAE14015E3D93D4FF731D |
SHA-512: | 51462F372954E692E015C6FA7CEE06E6251A0FDA0CEEAB695B9E34F93D217F1B7F59CC06A56426C989FC83344AE162B862964F06477F01C49A6A67807A42037C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\main[1].css
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8981 |
Entropy (8bit): | 5.019574921061423 |
Encrypted: | false |
SSDEEP: | 96:s432LIkMJ5B03kqZFh6O/hmSZNZ1B0knoVYf:F32LG5O3kYkO/hfZNZXNomf |
MD5: | 85255D668AE5ECF1AC0F930CEF1C014A |
SHA1: | 6908CB68C3BBBD1604FBE091AA22F42C33936391 |
SHA-256: | 724F927DCD7FD9358C0C3F902D4D445656FACAA314106A440F4740E0514C7BAF |
SHA-512: | BB20D01C4C2F23C84707C269C97DF52CDBA6276C5A8CC2BF503250C399360095510CEDC6E52C23D4C0B44B9194949230A2FECA3E7B215AC7885F115259D5E254 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\index[1].html
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1670 |
Entropy (8bit): | 4.824629434797592 |
Encrypted: | false |
SSDEEP: | 48:COu/IehmrkCDe83GkjepDYNiNL/BQRNDD:i/IehKkGexkjepDhqRN3 |
MD5: | DBD98101E573BD765570E031127930D9 |
SHA1: | 76D129F7640C58520E1F609421F133343C024990 |
SHA-256: | C51BBC71C359CAD610A6894A4FEAAAA4C9F18F4127EFAE14015E3D93D4FF731D |
SHA-512: | 51462F372954E692E015C6FA7CEE06E6251A0FDA0CEEAB695B9E34F93D217F1B7F59CC06A56426C989FC83344AE162B862964F06477F01C49A6A67807A42037C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main[1].js
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 90914 |
Entropy (8bit): | 5.54992294596034 |
Encrypted: | false |
SSDEEP: | 1536:YQmXkyQLhyzI6KwW8i55n1/2WOCnTFHcdl7/O+f0Ul73gfJ3RnoHp77:YQm4yhsOyFHqOWl73oJ3Rnkp77 |
MD5: | EDDF68C225DDE7CACA03FA12CE216673 |
SHA1: | 698D5B34F85A8363267D378268495BEDB98BFD42 |
SHA-256: | DF9A8EF3B98B5F3CE8B27360FDCA59BBE04CBE59574401E66FB6FD7E9E1322A9 |
SHA-512: | 6CF14E87D6C0405176E17E522F3B8F9A1522914BE88243D92F81953B2F294FF47006BAB4CAE6C62EAD8F5381767967CF036AD37BA38238AB80E19D70C3960602 |
Malicious: | true |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\css2[1].css
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 236 |
Entropy (8bit): | 5.4929898271214315 |
Encrypted: | false |
SSDEEP: | 6:0IFFDrvCwS+56ZRWHMqh7izlpdUDFho4Kxtm:jFlrawSO6ZRoMqt6pSdKfm |
MD5: | FC06007A6AC7050EF289F35DA39CC89D |
SHA1: | E8CC4520DF6DE89E35F4472917C893FF3931E82C |
SHA-256: | 9E2F5834238FD68E7FDFD94207A8028C06088E48D33AEF647682A98DE548AE56 |
SHA-512: | 7F1060A8AD4323A7770D5A67EC2F29B37FD1FE54294766248BA25817E46EE9EC62EAB41956B82DB4245A0C459477E73042F0EB7CB5B85AE2A158F7399DEB778D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\99E1BAC8.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.929653848333741 |
Encrypted: | false |
SSDEEP: | 12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae |
MD5: | 4A103FC1809C8EA381D2ACB5380EF4F6 |
SHA1: | 6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67 |
SHA-256: | 1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C |
SHA-512: | 77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BFAAF593.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 433328 |
Entropy (8bit): | 5.820352131070705 |
Encrypted: | false |
SSDEEP: | 6144:9ifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:9l7kwvqULUVS |
MD5: | 55D0E293DF03EC273C41698E78A89B8C |
SHA1: | 402593798904BDA8C20E2D9E85D995830CBD19A2 |
SHA-256: | DD8986D9061C1F75BD550D307403B3647F2A35D9002C7FD728B8AD07C216B016 |
SHA-512: | 4C7717B5ACF724BA436381B880968E89BA5274EFE39D258B8FBBD8AD8CB2ED31F59F3DE5BEE5DBFECB8CB5F1279AEF25A64784DC27B958651674834DE5E9C5E1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D4E20A78.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 1.9017483361098562 |
Encrypted: | false |
SSDEEP: | 24:YOu6PJqRixxBBBQAAJnHbG/KD3ql/mfzG/S6ATn9eDIb6eD/qLvae:9u6IRixxBBBQlJatF6n8g/wae |
MD5: | 8F636083CE616F8EB610556C57CC3CAA |
SHA1: | 4291DA8874EF4A60300F4BAAEC84F5A4A425E31E |
SHA-256: | 62E41677B9A6F9B0139BB4D5EAA890F1423F707383A960FFA261A7C4A677F3EB |
SHA-512: | 78FF54528C73E9E52C67FC8536BDA2628F4177ACDC9E749F4EAF69639F82E468B3766AEACD4F24BABCB30227572B2F522FDDF2FBD8B790C474ACF313BD32C84A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3092323.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330948 |
Entropy (8bit): | 4.972456048494713 |
Encrypted: | false |
SSDEEP: | 3072:P0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:P0Bd8yCKdQRzw4muaZ9TARfMDcFi |
MD5: | ACDB960007E7F15079613062ED043743 |
SHA1: | DEA775DBF9E83B85EEA5B1D8191C7C0EAA78B0E5 |
SHA-256: | 8098245EF66A1EE02FB6289256C4167B1EE7110BA29D772DC4861AB762981DAC |
SHA-512: | A92A082540AD2F0C0958A06E17144C0CB5944D31CAACC99CD3E73F5BDEA6DF5D7581D12046A1C1612369D01398208A8DAEB5E2733AAD115745184C7E4243C6A2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FE6A2C29.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944965349348616 |
Encrypted: | false |
SSDEEP: | 1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw |
MD5: | 9ABE7EB352E0DB96B52C99AC2FDEA85F |
SHA1: | 8DC45D02308275BA32B7FFB320A3042256D40C8B |
SHA-256: | EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869 |
SHA-512: | E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FEB9295A.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 884312 |
Entropy (8bit): | 1.2944875740888722 |
Encrypted: | false |
SSDEEP: | 1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw |
MD5: | B6DFB3AA7AC4A1A52336C30FA821857B |
SHA1: | 66ECB808A516AC5B07A01CDFCAD65FD7B9907619 |
SHA-256: | E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4 |
SHA-512: | A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.844406371380569 |
Encrypted: | false |
SSDEEP: | 192:MIuQTYZwtFEBP6pIMkrlzDDgH8zG5yLo:MATYOIBP+kBHkMGgs |
MD5: | 165889CDD24007F98909222E5DB9AD12 |
SHA1: | 37C465138461B31459BD07190FD76AF210C5340F |
SHA-256: | 1B6DAC9D44AFA0038B30B74958BA4FF4DA94D07CC3E14416F1BA2069C597950C |
SHA-512: | E7F38D690D527EB28186F9199276EC8FA5D89FEF3DD33FB7C130EACCC0F40D5136980F517DAF7B910FC4851ED97BF9C929517422AE834D2D5EE6F0B7CE8860F5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 172032 |
Entropy (8bit): | 6.443259947613745 |
Encrypted: | false |
SSDEEP: | 3072:BZkJAg15YEbTKWIHmppIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d6ZwE/zDid:BZunrTqGWxEtjPOtioVjDGUU1qfDlavM |
MD5: | C644AC7BB893E6E872B3F73673D681A7 |
SHA1: | B19CBA4DB7DA46FA33416DC249536A1FDA68210C |
SHA-256: | 0C091606058F651DF27A87318A202557B9CBC193635C6AC44365CEC1935445BD |
SHA-512: | FDBF8A807C001B5A6D223F717DF0678FF93649DD043094FCC6B1D189849784A390054C7BD041DBEB7DDFD095ED8058AD7D97F8A2D3BBD2CBE97207C03A154496 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10240 |
Entropy (8bit): | 0.6739662216458647 |
Encrypted: | false |
SSDEEP: | 12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R |
MD5: | C61F99FE7BEE945FC31B62121BE075CD |
SHA1: | 083BBD0568633FECB8984002EB4FE8FA08E17DD9 |
SHA-256: | 1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732 |
SHA-512: | 46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24152 |
Entropy (8bit): | 0.7532185028349225 |
Encrypted: | false |
SSDEEP: | 48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35 |
MD5: | 520FE964934AF1AB0CEBA2366830D0FA |
SHA1: | B90310ACA870261CB619FDFD1E54E1B1A25074FF |
SHA-256: | DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1 |
SHA-512: | A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C |
Malicious: | false |
Preview: |
C:\Users\user\Desktop\11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls (copy)
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 366592 |
Entropy (8bit): | 7.807329094672133 |
Encrypted: | false |
SSDEEP: | 6144:xPun1TqGsxEtjPOtioVjDGUU1qfDlavx+fgLX0d6liv3bV2BDl30tjl6U7a7Ie4+:xq1TFPabVaJ0Zl62OIew4BuJj |
MD5: | 1521E82FED40C9966EAADE3DCF89C16B |
SHA1: | 251674B52C8F7499F465BBB0CC64CA72615DC38B |
SHA-256: | 81F506B8FE8D4046F712F237A0043619FF5F746AC8C275919566E6B1C5572CA7 |
SHA-512: | EA0E25F5B34404876E6C2159823B3F69D3339E6B6A4E8A2BDF2E600AFD8AC3800EF5BE308BEFA5DE4CC778FA2353C656FEC6F961CEE62FA7FBD9A1245A06B6E8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 366592 |
Entropy (8bit): | 7.807329094672133 |
Encrypted: | false |
SSDEEP: | 6144:xPun1TqGsxEtjPOtioVjDGUU1qfDlavx+fgLX0d6liv3bV2BDl30tjl6U7a7Ie4+:xq1TFPabVaJ0Zl62OIew4BuJj |
MD5: | 1521E82FED40C9966EAADE3DCF89C16B |
SHA1: | 251674B52C8F7499F465BBB0CC64CA72615DC38B |
SHA-256: | 81F506B8FE8D4046F712F237A0043619FF5F746AC8C275919566E6B1C5572CA7 |
SHA-512: | EA0E25F5B34404876E6C2159823B3F69D3339E6B6A4E8A2BDF2E600AFD8AC3800EF5BE308BEFA5DE4CC778FA2353C656FEC6F961CEE62FA7FBD9A1245A06B6E8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.4492673585803955 |
TrID: |
|
File name: | 11587 DUBAI BURJ KHALIFA LLC SUPPLIES & SERVICES CO LLC 6000083650.xls |
File size: | 327'168 bytes |
MD5: | 1b73adcb8a81f3c16c93d068ef96e71c |
SHA1: | 51a531d12af8a4146a1986c81062b52d97d39f3d |
SHA256: | d54c6022fce79e44ae05bba1f148fe83b3991c7c6bd8a8efd19f4d615bf15a96 |
SHA512: | 0bd6dbc118976d7b7526bce8568ba61a9a4807471fb52110e14afc74647e6641facb9b475d6ed791b9062e746d6aab27d935fef3ef7ae92deef2c5ae3c70ab08 |
SSDEEP: | 6144:1nunJTGY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVZWMICQVgtxNQic6b/As4:1yJTf3bVZWMICmgtMKbA3PR/yHU9 |
TLSH: | 1064D011FF81875AE089573549F74AAB6225FC415F924B0F325CF72E3DB03A45E2BA22 |
File Content Preview: | ........................>.......................................................G...H...{...................................................................................................................................................................... |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-04-17 01:34:47 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 45 c1 9e 15 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E ^ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 45 c1 5e da 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E N ! . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 45 c1 4e 21 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 45 c1 a5 f0 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.282068105701866 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . U t n g . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD0004D5A5/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0004D5A5/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 62 |
Entropy: | 2.7788384466112834 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00 |
Stream Path: MBD0004D5A5/CONTENTS, File Type: PDF document, version 1.7, 1 pages, Stream Size: 20909
General | |
Stream Path: | MBD0004D5A5/CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.7, 1 pages |
Stream Size: | 20909 |
Entropy: | 7.967116806702583 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d |
Data Raw: | 25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65 |
General | |
Stream Path: | MBD0004D5A6/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0004D5A6/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 11582 |
Entropy: | 7.131182866704616 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . . o . . . L . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a2 c8 b4 f4 6f 01 00 00 4c 05 00 00 13 00 cb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0004D5A7/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD0004D5A7/\x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 708 |
Entropy: | 3.6235698530352805 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00 |
General | |
Stream Path: | MBD0004D5A7/\x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 23248 |
Entropy: | 3.0209455576978392 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00 |
General | |
Stream Path: | MBD0004D5A7/Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 97808 |
Entropy: | 7.365046767513021 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
General | |
Stream Path: | MBD0004D5A8/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 654 |
Entropy: | 5.97034304939504 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . y y { . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . : . / . / . p . o . p . . . t . g . / . I . G . W . Y . r . . . m b . . [ m . + J M k i . . . 1 . . < v o ] . u . l + @ . . i 1 ` . . N s 4 ! . Z . 6 6 7 H : j R . 5 . 9 ? 5 W A N a c m g . . ] . X " g Q A . , + e 6 . n . . H | - J . . ' ! y Q q . . . c t R 5 5 k d = w ) K w % # 3 . | . L x n U * & M E t a w ) b 3 f M ] . j . 4 r . . . . . . . . . . . . . . . . . . . . 0 . u . S . u . q . R . q . B . B . 2 . V . c . r . B |
Data Raw: | 01 00 00 02 13 11 79 79 aa 87 f6 7b 00 00 00 00 00 00 00 00 00 00 00 00 1e 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 1a 01 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 70 00 6f 00 70 00 2e 00 74 00 67 00 2f 00 49 00 47 00 57 00 59 00 72 00 00 00 93 6d 62 a9 a1 c4 83 98 99 09 5b 6d 8d 84 f6 87 de bd df 2b 86 c3 4a c0 4d 6b 69 13 15 87 99 94 0f 31 b2 99 04 0d 3c 98 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 153327 |
Entropy: | 7.995468680670329 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . K # | . Y ^ n v . H v * : " Z . ^ 2 u . . . D . I G . . . . . . . 2 . . . \\ . p . . j 8 . l o ? N 5 C . H , T I h T b . ; C 4 . . . . ! L . Z ; { y 7 5 . z U . + . R \\ h ` B . I D Y . z . H % . L 8 B . . . K a . . . . . . . = . . . . \\ . . . . n 8 J . . . . . A . . . . < . . . . . . . . . . 3 . . . K . . . Y = . . . ~ . . . H . . b . y W @ . . . . . . . ( 1 " . . . / . . . . s . . . $ . . . . 1 . . . d b < [ k . S . t Q b . * Y w % 1 . . . v } . ^ 0 |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 4b b4 23 7c 00 ee 59 5e 6e e5 76 7f 48 b0 76 2a a8 9f 3a d4 22 eb 5a 83 0d b3 5e ce 32 75 0c d0 a3 a8 cc d4 0a 44 1a a4 8d b0 d1 49 a2 fd c5 47 e1 00 02 00 b0 04 c1 00 02 00 32 d8 e2 00 00 00 5c 00 70 00 0d cd 6a 38 8c b7 9c 07 6c 6f 3f 4e 35 fb 43 ab b3 bd 9c 20 03 ec ee 48 2c 8c 54 ff c6 ee |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 529 |
Entropy: | 5.199103071093012 |
Base64 Encoded: | True |
Data ASCII: | I D = " { E D F 4 5 5 D F - 6 F 4 1 - 4 C 9 5 - A 2 4 0 - A C 3 8 2 7 8 C 5 5 6 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D C D E 2 A 2 C D A 2 0 D E 2 0 D |
Data Raw: | 49 44 3d 22 7b 45 44 46 34 35 35 44 46 2d 36 46 34 31 2d 34 43 39 35 2d 41 32 34 30 2d 41 43 33 38 32 37 38 43 35 35 36 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.9857273007538683 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.372466510213557 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . z - h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 a9 7a 2d 68 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2024 10:17:58.958702087 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.062649012 CEST | 80 | 49161 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.062763929 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.062948942 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.166666031 CEST | 80 | 49161 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.302259922 CEST | 80 | 49161 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.302369118 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.673002005 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.673115969 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.673291922 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.678493023 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.678529978 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.910660982 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.910789013 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.916112900 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.916145086 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.916456938 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:17:59.916511059 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:17:59.984956980 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.028125048 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.226596117 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.226708889 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.226743937 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.226787090 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.226794004 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.226846933 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.226855040 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.226898909 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.226943016 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:00.227025032 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.228945017 CEST | 49162 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:00.228971004 CEST | 443 | 49162 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.002264977 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.106307030 CEST | 80 | 49161 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.125278950 CEST | 80 | 49161 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.125447035 CEST | 49161 | 80 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.126827002 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.126919031 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.127038002 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.127465963 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.127496004 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.345757008 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.345849037 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.347780943 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.347809076 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.354965925 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.354979038 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667049885 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667162895 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.667227983 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667290926 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.667308092 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667367935 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.667381048 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667434931 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.667447090 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667490959 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.667500019 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.667555094 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.668521881 CEST | 49163 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.668554068 CEST | 443 | 49163 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.724805117 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.724828959 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.724900961 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.725229025 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.725239992 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.726511002 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.726548910 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.726618052 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.727150917 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.727165937 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.944412947 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.944508076 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.945857048 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.945868969 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.947081089 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.947086096 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.947269917 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.947349072 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.993105888 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.993124008 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:20.994339943 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:20.994345903 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256129026 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256217003 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256227970 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256290913 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256325006 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256483078 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256488085 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256597996 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256602049 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256644011 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.256697893 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256697893 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256944895 CEST | 49164 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.256958008 CEST | 443 | 49164 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.258174896 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.258225918 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.258287907 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.258758068 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.258778095 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263204098 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263258934 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263292074 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263312101 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263324022 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263333082 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263334036 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263367891 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263376951 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263401031 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263422966 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263422966 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263430119 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263441086 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263467073 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263472080 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263492107 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.263514042 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.263536930 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.264039040 CEST | 49165 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.264054060 CEST | 443 | 49165 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.477853060 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.479231119 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.482845068 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.482858896 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.485562086 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.485569954 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.789832115 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790011883 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790081024 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790112019 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790164948 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790175915 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790338039 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790410042 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790419102 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790465117 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790473938 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790513992 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790528059 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790581942 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790641069 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790692091 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790743113 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790790081 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790854931 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.790900946 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.790958881 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791003942 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791079044 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791121960 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791179895 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791265965 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791273117 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791309118 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791346073 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791398048 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791439056 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791630030 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791676998 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791685104 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791723013 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.791733980 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.791784048 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792001009 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792048931 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792082071 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792121887 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792148113 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792188883 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792196035 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792234898 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792241096 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792275906 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792299032 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792705059 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792767048 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792774916 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792829990 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792870045 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792876005 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792912960 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792917967 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792953968 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.792958975 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.792994022 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.793539047 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.793589115 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.793622971 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.793659925 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.793673038 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.793713093 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.793721914 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.793760061 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.793767929 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.793807030 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794405937 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794450998 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794473886 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794511080 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794519901 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794564009 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794570923 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794606924 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794612885 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794647932 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.794652939 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.794687986 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.795422077 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.795475006 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.893589973 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.893682003 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.894898891 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.894968033 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.894980907 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.894999981 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.895054102 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.895107031 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.895327091 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.895400047 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.895406961 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.895436049 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.895473957 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.895490885 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.896223068 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.896300077 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.896318913 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.896332026 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.896363974 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.896456003 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.897068977 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.897126913 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.897141933 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.897200108 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.897211075 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.897258043 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Apr 18, 2024 10:18:21.897310972 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.897371054 CEST | 49167 | 443 | 192.168.2.22 | 172.67.206.230 |
Apr 18, 2024 10:18:21.897401094 CEST | 443 | 49167 | 172.67.206.230 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2024 10:17:58.743761063 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 18, 2024 10:17:58.952975035 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Apr 18, 2024 10:17:59.309333086 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 18, 2024 10:17:59.672473907 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 18, 2024 10:17:58.743761063 CEST | 192.168.2.22 | 8.8.8.8 | 0xaa6a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 18, 2024 10:17:59.309333086 CEST | 192.168.2.22 | 8.8.8.8 | 0x7e31 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 18, 2024 10:17:58.952975035 CEST | 8.8.8.8 | 192.168.2.22 | 0xaa6a | No error (0) | 172.67.206.230 | A (IP address) | IN (0x0001) | false | ||
Apr 18, 2024 10:17:58.952975035 CEST | 8.8.8.8 | 192.168.2.22 | 0xaa6a | No error (0) | 104.21.15.201 | A (IP address) | IN (0x0001) | false | ||
Apr 18, 2024 10:17:59.672473907 CEST | 8.8.8.8 | 192.168.2.22 | 0x7e31 | No error (0) | 172.67.206.230 | A (IP address) | IN (0x0001) | false | ||
Apr 18, 2024 10:17:59.672473907 CEST | 8.8.8.8 | 192.168.2.22 | 0x7e31 | No error (0) | 104.21.15.201 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 172.67.206.230 | 80 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 18, 2024 10:17:59.062948942 CEST | 318 | OUT | |
Apr 18, 2024 10:17:59.302259922 CEST | 951 | IN | |
Apr 18, 2024 10:18:20.002264977 CEST | 318 | OUT | |
Apr 18, 2024 10:18:20.125278950 CEST | 939 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49162 | 172.67.206.230 | 443 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:17:59 UTC | 317 | OUT | |
2024-04-18 08:18:00 UTC | 830 | IN | |
2024-04-18 08:18:00 UTC | 539 | IN | |
2024-04-18 08:18:00 UTC | 1138 | IN | |
2024-04-18 08:18:00 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49163 | 172.67.206.230 | 443 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:18:20 UTC | 317 | OUT | |
2024-04-18 08:18:20 UTC | 830 | IN | |
2024-04-18 08:18:20 UTC | 539 | IN | |
2024-04-18 08:18:20 UTC | 1138 | IN | |
2024-04-18 08:18:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49165 | 172.67.206.230 | 443 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:18:20 UTC | 384 | OUT | |
2024-04-18 08:18:21 UTC | 943 | IN | |
2024-04-18 08:18:21 UTC | 426 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 349 | IN | |
2024-04-18 08:18:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.22 | 49164 | 172.67.206.230 | 443 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:18:20 UTC | 381 | OUT | |
2024-04-18 08:18:21 UTC | 941 | IN | |
2024-04-18 08:18:21 UTC | 428 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 475 | IN | |
2024-04-18 08:18:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.22 | 49167 | 172.67.206.230 | 443 | 808 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 08:18:21 UTC | 383 | OUT | |
2024-04-18 08:18:21 UTC | 957 | IN | |
2024-04-18 08:18:21 UTC | 412 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN | |
2024-04-18 08:18:21 UTC | 1369 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:17:36 |
Start date: | 18/04/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f630000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:18:05 |
Start date: | 18/04/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 10:18:20 |
Start date: | 18/04/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1220000 |
File size: | 9'805'808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |