Windows Analysis Report
Doc9078786968795776764567.xla.xlsx

Overview

General Information

Sample name: Doc9078786968795776764567.xla.xlsx
Analysis ID: 1632078
MD5: e5e8f7c4e8638793cfde2342e03480dc
SHA1: 56e2dee858992aa8498a1a1935aad525fb2198fd
SHA256: 5b5ba0157979fe96f31b72f27860e79ef396543e1ebc6e03679d2239830a7226
Tags: CVE-2017-0199, xla, xlsx, user-abuse_ch

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • EXCEL.EXE (PID: 7608 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 7240 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 5112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Doc9078786968795776764567.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 104.26.0.139, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7608, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49727
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49727, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7608, Protocol: tcp, SourceIp: 104.26.0.139, SourceIsIpv6: false, SourcePort: 443

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-07T19:32:25.360866+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49729 | 13.107.246.60 | 443 | TCP
2025-03-07T19:32:34.602522+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 13.107.246.60 | 443 | TCP
2025-03-07T19:32:34.697993+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 13.107.246.60 | 443 | TCP

AV Detection

Source: Doc9078786968795776764567.xla.xlsx, Avira: detected
Source: Doc9078786968795776764567.xla.xlsx, Virustotal: Detection: 46%
Source: Doc9078786968795776764567.xla.xlsx, ReversingLabs: Detection: 39%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 104.26.0.139:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: global traffic, DNS query: name: link.orai.io
Source: global traffic, DNS query: name: st3.pro
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49729 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49729
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49730
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.4:49731
Source: Joe Sandbox View, IP Address: 104.26.0.139
Source: Joe Sandbox View, IP Address: 5.161.200.29
Source: Joe Sandbox View, IP Address: 13.107.246.60
Source: Joe Sandbox View, JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49729 -> 13.107.246.60:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 13.107.246.60:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 13.107.246.60:443
Source: global traffic, HTTP traffic detected: GET /HuK0L2?&belfry=bawdy&language=righteous&gale HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: link.orai.io Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic, HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic, HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic, DNS traffic detected: DNS query: link.orai.io
Source: global traffic, DNS traffic detected: DNS query: st3.pro
Source: global traffic, DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: Doc9078786968795776764567.xla.xlsx, 96630000.0.dr, String found in binary or memory: https://link.orai.io/HuK0L2?&belfry=bawdy&language=righteous&gale
Source: unknown, Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown, HTTPS traffic detected: 104.26.0.139:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49729 version: TLS 1.2

System Summary

Source: Doc9078786968795776764567.xla.xlsx, OLE: Microsoft Excel 2007+
Source: ~DFA295EF34946D887C.TMP.0.dr, OLE: Microsoft Excel 2007+
Source: 96630000.0.dr, OLE: Microsoft Excel 2007+
Source: Doc9078786968795776764567.xla.xlsx, OLE indicator, VBA macros: true
Source: Doc9078786968795776764567.xla.xlsxStream path 'MBD0004E8E2/\x1Ole' : https://link.orai.io/HuK0L2?&belfry=bawdy&language=righteous&galeLD8hI;E5hJR%2`D8xhop(I'*/aBww`&#u)EoPeQ3vaF1wIzYIVVL4stkxE8iR7X1wqyxddNCk7TQ0HOwYP0Zxl1DX4GmNIHyJBjUwJrBGnlIwH1JckzqjwiugdOvwFMDJXNyzgnARB5oVr3tdMSGYcCG8wwts4EoSUpWHFWvco5WQoVcHoCtVRnYzywywUuQagfHYla6m7H5aY4unZh3mNDa2YJAzOOSGZOhZSonSRwGhjN7s4SGawTqYUlzvHC1XUIF00JrcrCzkTV8mgTybzmr\q=\3O)g
Source: 96630000.0.drStream path 'MBD0004E8E2/\x1Ole' : https://link.orai.io/HuK0L2?&belfry=bawdy&language=righteous&galeLD8hI;E5hJR%2`D8xhop(I'*/aBww`&#u)EoPeQ3vaF1wIzYIVVL4stkxE8iR7X1wqyxddNCk7TQ0HOwYP0Zxl1DX4GmNIHyJBjUwJrBGnlIwH1JckzqjwiugdOvwFMDJXNyzgnARB5oVr3tdMSGYcCG8wwts4EoSUpWHFWvco5WQoVcHoCtVRnYzywywUuQagfHYla6m7H5aY4unZh3mNDa2YJAzOOSGZOhZSonSRwGhjN7s4SGawTqYUlzvHC1XUIF00JrcrCzkTV8mgTybzmr\q=\3O)g
Source: ~DFA295EF34946D887C.TMP.0.dr, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Window title found: microsoft excel ok excel cannot open the file 'doc9078786968795776764567.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engine, Classification label: mal60.winXLSX@4/9@3/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Users\user\Desktop\~$Doc9078786968795776764567.xla.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\{46761600-33E4-4129-8266-69EA527AC254} - OProcSessId.dat
Source: Doc9078786968795776764567.xla.xlsx, OLE indicator, Workbook stream: true
Source: 96630000.0.dr, OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File read: C:\Users\desktop.ini
Source: Doc9078786968795776764567.xla.xlsx, Virustotal: Detection: 46%
Source: Doc9078786968795776764567.xla.xlsx, ReversingLabs: Detection: 39%
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Doc9078786968795776764567.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Doc9078786968795776764567.xla.xlsx, Static file information: File size 1236480 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: ~DFA295EF34946D887C.TMP.0.dr, Initial sample: OLE indicators vbamacros = False
Source: Doc9078786968795776764567.xla.xlsx, Initial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: Doc9078786968795776764567.xla.xlsx; Stream path 'MBD0004E8E1/Package' entropy: 7.99274071651 (max. 8.0)
Source: Doc9078786968795776764567.xla.xlsx; Stream path 'Workbook' entropy: 7.99848253318 (max. 8.0)
Source: ~DFA295EF34946D887C.TMP.0.dr; Stream path 'Package' entropy: 7.99527691181 (max. 8.0)
Source: 96630000.0.dr; Stream path 'MBD0004E8E1/Package' entropy: 7.99527691181 (max. 8.0)
Source: 96630000.0.dr; Stream path 'Workbook' entropy: 7.99827947728 (max. 8.0)
Source: C:\Windows\splwow64.exe; Window / User API: threadDelayed 785
Source: C:\Windows\splwow64.exe; Last function: Thread delayed
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label
Doc9078786968795776764567.xla.xlsx | 46% | Virustotal |
Doc9078786968795776764567.xla.xlsx | 39% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199
Doc9078786968795776764567.xla.xlsx | 100% | Avira | W97M/AVI.Agent.yntrz
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://link.orai.io/HuK0L2?&belfry=bawdy&language=righteous&gale | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
link.orai.io | 104.26.0.139 | true | false | | high
st3.pro | 5.161.200.29 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://link.orai.io/HuK0L2?&belfry=bawdy&language=righteous&gale | false | Avira URL Cloud: safe | unknown
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false
5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1632078
Start date and time: 2025-03-07 19:29:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Without Instrumentation
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Doc9078786968795776764567.xla.xlsx
Detection: MAL
Classification: mal60.winXLSX@4/9@3/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .xlsx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Active ActiveX Object
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.28.46, 23.199.214.10, 52.109.89.19, 20.42.65.84, 52.109.89.18, 51.104.15.253, 52.123.128.14, 20.190.159.4
• Excluded domains from analysis (whitelisted): weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, onedscolprdeus02.eastus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprduks04.uksouth.cloudapp.azure.com, prod.roaming1.live.com.akadns.net, config.officeapps.live.com, e16604.f.akamaiedge.net, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
13:32:18 | API Interceptor | 840x Sleep call for process: splwow64.exe modified
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  104.26.0.139NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                    Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                      Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                        VALPESA7809034mex_2025.xlsGet hashmaliciousUnknownBrowse
                          SWIFT COPY.xlsGet hashmaliciousUnknownBrowse
                            Confirmation number 0001592289.xlsGet hashmaliciousUnknownBrowse
                              SWIFT COPY.xlsGet hashmaliciousUnknownBrowse
                                05 BOIRON F 240700457 ORDEN 05 MAR 2025.xlsGet hashmaliciousUnknownBrowse
                                  5.161.200.29NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                    New Order.xlsGet hashmaliciousUnknownBrowse
                                      Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                        Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                          NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                            New Order.xlsGet hashmaliciousUnknownBrowse
                                              Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
                                                  • www.mimecast.com/Customers/Support/Contact-support/
                                                  http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
                                                  • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  s-part-0032.t-0009.t-msedge.netNEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 13.107.246.60
                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                  • 13.107.246.60
                                                  s-0005.dual-s-msedge.netNEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  (No subject).emlGet hashmaliciousUnknownBrowse
                                                  • 52.123.129.14
                                                  NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 52.123.128.14
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 52.123.129.14
                                                  link.orai.ioNEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.0.139
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.1.139
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.26.1.139
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.26.0.139
                                                  NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.1.139
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.1.139
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 172.67.68.60
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.26.0.139
                                                  st3.proNEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  HETZNER-ASDENEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 5.161.200.29
                                                  CLOUDFLARENETUSNEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.0.139
                                                  New Order.xlsGet hashmaliciousUnknownBrowse
                                                  • 104.26.1.139
                                                  JqGBbm7.exeGet hashmaliciousLummaC StealerBrowse
                                                  • 188.114.97.3
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 104.26.1.139
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 104.26.0.139
                                                  NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse
                                                  • 104.26.1.139
                                                  New Order.xls | Get hash | malicious | Unknown | Browse
                                                  • 104.26.1.139
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 172.67.68.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 104.26.0.139
                                                  MICROSOFT-CORP-MSN-AS-BLOCKUS
                                                  NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  New Order.xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  New Order.xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.253.72
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                  6271f898ce5be7dd52b0fc260d0662b3
                                                  NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  New Order.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  VALPESA7809034mex_2025.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  Confirmation number 0001592289.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  SWIFT COPY.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  Confirmation number 0001592289.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  VALPESA7809034mex_2025.xls | Get hash | malicious | Unknown | Browse
                                                  • 5.161.200.29
                                                  • 104.26.0.139
                                                  a0e9f5d64349fb13191bc781f81f42e1
                                                  JqGBbm7.exe | Get hash | malicious | LummaC Stealer | Browse
                                                  • 13.107.246.60
                                                  NEW ORDER (PO. 2100002 (BT-INC).xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  New Order.xls | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Purchase Order.xla.xlsx | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  Royal Mail Inland Claim Form V1.3.xlsm | Get hash | malicious | Unknown | Browse
                                                  • 13.107.246.60
                                                  alex122121.exe | Get hash | malicious | LummaC Stealer | Browse
                                                  • 13.107.246.60
                                                  alex12312.exe | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse
                                                  • 13.107.246.60
                                                  fuck122112.exe | Get hash | malicious | LummaC Stealer | Browse
                                                  • 13.107.246.60
                                                  No context
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):118
                                                  Entropy (8bit):3.5700810731231707
                                                  Encrypted:false
                                                  SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                  MD5:573220372DA4ED487441611079B623CD
                                                  SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                  SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                  SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Preview:<?xml version="1.0" encoding="UTF-16"?> <HeartbeatCache/>
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):836
                                                  Entropy (8bit):2.7151910322565733
                                                  Encrypted:false
                                                  SSDEEP:24:J3fIxk+vpKAk6ScvoGA8xpiOnAvJ5yoIHWK:h3+RfkpcvoGAYcvJ5LIHD
                                                  MD5:92A7E6E963E0E668F6585E8694F68380
                                                  SHA1:9CFB8F0EA9A80C54FEBF664E2E8DA3A20C6F5DAE
                                                  SHA-256:F09EE04026948847263A11CC3D3276A676246EF074A985681DBEF03D76801482
                                                  SHA-512:F3E94DC16458B4CE76A18D44360256A233CDF918A34FDB0AB3A85AF5FA3ADEB8B0BBB173CE658D8344939FE77AEB467C04D111A887424A65BA2833897DE3F4E2
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):1181696
                                                  Entropy (8bit):7.944718032779258
                                                  Encrypted:false
                                                  SSDEEP:24576:VdvGt1l7z4cIcNEulvdzHjdfAxbXSud/QyqamuJIwg:PI1pz3DvdTWpiulPqaVzg
                                                  MD5:4126A43D52645B8D0AFECCE7F7FA773C
                                                  SHA1:D475A62C050D3EDC450FDC7C8A777052706863AF
                                                  SHA-256:56CE32B6A84BD552BB751339333C2D6DCAAAD600789ACF54904F17C6293B4484
                                                  SHA-512:142CDD897742894D6C5E3045BF44277D9991A2F7EB8F7B69627B83114343C8CE4F891347FED8252D4593972DB1AE347C46157BE4874E8F398BAFB812548ECF6B
                                                  Malicious:false
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):1163264
                                                  Entropy (8bit):7.9630940769189635
                                                  Encrypted:false
                                                  SSDEEP:24576:DdvGt1l7z4cIcNEulvdzHjdfAxbXSud/QyqamuJIwg:lI1pz3DvdTWpiulPqaVzg
                                                  MD5:9F6214A77E2078F32299CA4E49E4369B
                                                  SHA1:A506025AB87A2C9415B49B59C37CE9F5E046F584
                                                  SHA-256:AE41BA7F3104B89EDE68E043DA1C714F576F2D4C1F4D7CA1FBCCC430B9FB1CC7
                                                  SHA-512:9B92BB8192418F3F79A9F1CE02C93855A5A6F8D7A0E3642AAFCD10949DAED8174755DAEA13D295C73A96876C62A355BCD6ABC950B7CACEDC4723CA926A3A61BC
                                                  Malicious:false
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Mar 7 18:32:43 2025, Security: 1
                                                  Category:dropped
                                                  Size (bytes):1435136
                                                  Entropy (8bit):7.988539809116455
                                                  Encrypted:false
                                                  SSDEEP:24576:PdvGt1l7z4cIcNEulvdzHjdfAxbXSud/QyqamuJIwgbsr2gyOb7Jmm:hI1pz3DvdTWpiulPqaVzgArt
                                                  MD5:BDAB006705DD2FBC961D23D405A8A1EF
                                                  SHA1:DE5643A2240BC54C0023F06DC40EE013239D4EB3
                                                  SHA-256:D50354EEB31365335132AF042273DC5E90288B98052D1504670B0B46840745BE
                                                  SHA-512:B605C597087F3ABC85A14EAF44F8F42F3276048AD94E6075B28576C3A20FE6CFB2BC80DCF9B0FC5E0305A133054967140F4B4ACFFAA1F16D3C73A136CF5D16C7
                                                  Malicious:false
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:modified
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Mar 7 18:32:43 2025, Security: 1
                                                  Category:dropped
                                                  Size (bytes):1435136
                                                  Entropy (8bit):7.988539809116455
                                                  Encrypted:false
                                                  SSDEEP:24576:PdvGt1l7z4cIcNEulvdzHjdfAxbXSud/QyqamuJIwgbsr2gyOb7Jmm:hI1pz3DvdTWpiulPqaVzgArt
                                                  MD5:BDAB006705DD2FBC961D23D405A8A1EF
                                                  SHA1:DE5643A2240BC54C0023F06DC40EE013239D4EB3
                                                  SHA-256:D50354EEB31365335132AF042273DC5E90288B98052D1504670B0B46840745BE
                                                  SHA-512:B605C597087F3ABC85A14EAF44F8F42F3276048AD94E6075B28576C3A20FE6CFB2BC80DCF9B0FC5E0305A133054967140F4B4ACFFAA1F16D3C73A136CF5D16C7
                                                  Malicious:false
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):165
                                                  Entropy (8bit):1.4377382811115937
                                                  Encrypted:false
                                                  SSDEEP:3:KVC+cAmltV:KVC+cR
                                                  MD5:9C7132B2A8CABF27097749F4D8447635
                                                  SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                  SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                  SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                  Malicious:true
                                                  Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Mar 5 17:04:45 2025, Security: 1
                                                  Entropy (8bit):7.9806836434250945
                                                  TrID:
                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                  File name:Doc9078786968795776764567.xla.xlsx
                                                  File size:1'236'480 bytes
                                                  MD5:e5e8f7c4e8638793cfde2342e03480dc
                                                  SHA1:56e2dee858992aa8498a1a1935aad525fb2198fd
                                                  SHA256:5b5ba0157979fe96f31b72f27860e79ef396543e1ebc6e03679d2239830a7226
                                                  SHA512:51c1f73d314f2888f71dd847533b3d4496a5c027ea5471766bcd45ab050b99b2838d172fab1e6aea50a4578da3da5babf502bd03c8ce94269a8cfaa80786d41b
                                                  SSDEEP:24576:IJIwgbtTgdAnIOXR8YhbBWvdp8tLUWBMDcaPhU3Vjz6r9FnqDe4Kx8:IzgZTcM8YkpwLUwhauzOFqtKx
                                                  TLSH:F74522D4EDD4BE02CF43457A0F96C46D940ABE4EB259D40B3234B71A1A3BA3D46F281A
                                                  Icon Hash:35e58a8c0c8a85b9
                                                  Document Type:OLE
                                                  Number of OLE Files:1
                                                  Has Summary Info:
                                                  Application Name:Microsoft Excel
                                                  Encrypted Document:True
                                                  Contains Word Document Stream:False
                                                  Contains Workbook/Book Stream:True
                                                  Contains PowerPoint Document Stream:False
                                                  Contains Visio Document Stream:False
                                                  Contains ObjectPool Stream:False
                                                  Flash Objects Count:0
                                                  Contains VBA Macros:True
                                                  Code Page:1252
                                                  Author:
                                                  Last Saved By:
                                                  Create Time:2006-09-16 00:00:00
                                                  Last Saved Time:2025-03-05 17:04:45
                                                  Creating Application:Microsoft Excel
                                                  Security:1
                                                  Document Code Page:1252
                                                  Thumbnail Scaling Desired:False
                                                  Contains Dirty Links:False
                                                  Shared Document:False
                                                  Changed Hyperlinks:False
                                                  Application Version:786432
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                  VBA File Name:Sheet1.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet1"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                  VBA File Name:Sheet2.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet2"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                  VBA File Name:Sheet3.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet3"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                  VBA File Name:ThisWorkbook.cls
                                                  Stream Size:985
                                                  Attribute VB_Name = "ThisWorkbook"
                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:114
                                                  Entropy:4.25248375192737
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:\x5DocumentSummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:244
                                                  Entropy:2.889430592781307
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:\x5SummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:200
                                                  Entropy:3.3020681057018666
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:MBD0004E8E1/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:99
                                                  Entropy:3.631242196770981
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:MBD0004E8E1/Package
                                                  CLSID:
                                                  File Type:Microsoft Excel 2007+
                                                  Stream Size:919249
                                                  Entropy:7.9927407165072255
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:MBD0004E8E2/\x1Ole
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:806
                                                  Entropy:4.842271720864075
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:Workbook
                                                  CLSID:
                                                  File Type:Applesoft BASIC program data, first line number 16
                                                  Stream Size:293108
                                                  Entropy:7.998482533182839
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                  CLSID:
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Stream Size:525
                                                  Entropy:5.172412904274722
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:104
                                                  Entropy:3.0488640812019017
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:2644
                                                  Entropy:3.9830170565388197
                                                  Base64 Encoded:False
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:553
                                                  Entropy:6.34327716220257
                                                  Base64 Encoded:True
                                                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                  2025-03-07T19:32:25.360866+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49729 | 13.107.246.60 | 443 | TCP
                                                  2025-03-07T19:32:34.602522+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 13.107.246.60 | 443 | TCP
                                                  2025-03-07T19:32:34.697993+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 13.107.246.60 | 443 | TCP
                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Mar 7, 2025 19:32:26.435652018 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.435710907 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.445369959 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.445391893 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.445456028 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.445468903 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.445523024 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.453548908 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.453564882 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.453622103 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.453632116 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.453701973 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.463546991 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.463563919 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.463619947 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.463629961 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.463761091 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.473206997 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.473222017 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.473284960 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.473294020 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.473339081 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.484277964 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.484299898 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.484383106 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.484392881 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.484467030 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.501311064 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.501327038 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.501416922 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.501432896 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.501482964 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.520338058 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.520354986 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.520441055 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.520463943 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.520720005 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.536526918 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.536549091 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.536628962 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.536664963 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.536832094 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.540702105 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.540716887 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.540782928 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.540792942 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.540882111 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.550096035 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.550112963 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.550189018 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.550201893 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.550251007 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.559679031 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.559696913 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.559762955 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.559773922 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.559865952 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.575663090 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.575684071 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.575747967 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.575761080 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.575834990 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.607533932 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.607557058 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.607646942 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.607673883 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.607829094 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.646219969 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.646243095 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.646338940 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.646364927 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.646497965 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.683825016 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.683846951 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.683923006 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.683944941 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.683993101 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.710390091 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.710414886 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.710493088 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.710525036 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.710712910 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.716636896 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.716661930 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.716696978 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.716738939 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.716749907 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.716826916 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.731125116 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.731146097 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.731213093 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.731235981 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.731282949 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.743479967 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.743500948 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.743570089 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.743590117 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.743813038 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.763344049 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.763361931 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.763453960 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.763480902 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.765625000 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.826365948 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.826395035 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.826491117 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.826517105 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.826571941 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.826610088 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.861629009 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.861653090 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.861958027 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.861987114 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.862098932 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.923945904 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.923970938 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.924060106 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.924086094 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.924127102 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.924145937 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.971494913 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.971520901 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.971601009 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.971628904 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.971807957 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.980580091 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.980597973 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.980675936 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.980684042 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.980726004 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.993335962 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.993350983 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.993422031 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:26.993431091 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:26.993485928 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.016287088 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.016311884 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.016366959 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.016375065 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.016433954 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.026609898 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.026631117 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.026705980 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.026711941 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.026752949 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.077562094 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.077583075 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.077641010 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.077663898 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.077699900 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.077699900 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.110718012 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.110738039 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.110809088 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.110819101 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.110872030 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.172287941 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.172327995 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.172365904 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.172374010 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.172410011 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.172432899 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.231219053 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.231242895 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.231298923 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.231304884 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.231337070 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.231368065 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.240055084 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.240077972 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.240122080 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.240128040 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.240164995 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.240189075 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.252800941 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.252821922 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.252866030 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.252871990 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.252906084 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.252928019 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.278985023 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.279002905 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.279093981 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.279115915 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.279174089 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.288794041 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.288808107 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.288889885 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.288918972 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.288979053 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.339138985 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.339159012 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.339225054 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.339251041 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.339399099 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.363954067 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.363979101 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.364064932 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.364089966 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.364141941 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.416214943 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.416238070 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.416507959 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.416534901 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.416764021 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.480654001 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.480704069 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.480751991 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.480767965 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.480812073 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.480830908 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.496373892 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.496436119 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.496471882 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.496488094 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.496551037 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.496558905 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.515300035 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.515367985 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.515410900 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.515425920 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.515450001 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.515467882 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.540880919 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.540899992 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.540967941 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.540982962 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.541028976 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.585164070 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.585185051 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.585272074 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.585289955 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.585304976 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.585370064 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.586460114 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.586477041 CET4434972913.107.246.60192.168.2.4
                                                  Mar 7, 2025 19:32:27.586539984 CET49729443192.168.2.413.107.246.60
                                                  Mar 7, 2025 19:32:27.586558104 CET4434972913.107.246.60192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 7, 2025 19:32:07.278244972 CET | 49859 | 53 | 192.168.2.4 | 1.1.1.1
Mar 7, 2025 19:32:07.288652897 CET | 53 | 49859 | 1.1.1.1 | 192.168.2.4
Mar 7, 2025 19:32:10.157248974 CET | 64537 | 53 | 192.168.2.4 | 1.1.1.1
Mar 7, 2025 19:32:10.170098066 CET | 53 | 64537 | 1.1.1.1 | 192.168.2.4
Mar 7, 2025 19:32:22.539778948 CET | 53817 | 53 | 192.168.2.4 | 1.1.1.1
Mar 7, 2025 19:32:22.617120028 CET | 53 | 53817 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 7, 2025 19:32:07.278244972 CET | 192.168.2.4 | 1.1.1.1 | 0xd2b | Standard query (0) | link.orai.io | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:10.157248974 CET | 192.168.2.4 | 1.1.1.1 | 0xaa3c | Standard query (0) | st3.pro | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:22.539778948 CET | 192.168.2.4 | 1.1.1.1 | 0xdae4 | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 7, 2025 19:31:20.945939064 CET | 1.1.1.1 | 192.168.2.4 | 0x55b1 | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:31:20.945939064 CET | 1.1.1.1 | 192.168.2.4 | 0x55b1 | No error (0) | s-0005.dual-s-msedge.net |  | 52.123.128.14 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:31:20.945939064 CET | 1.1.1.1 | 192.168.2.4 | 0x55b1 | No error (0) | s-0005.dual-s-msedge.net |  | 52.123.129.14 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:07.288652897 CET | 1.1.1.1 | 192.168.2.4 | 0xd2b | No error (0) | link.orai.io |  | 104.26.0.139 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:07.288652897 CET | 1.1.1.1 | 192.168.2.4 | 0xd2b | No error (0) | link.orai.io |  | 104.26.1.139 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:07.288652897 CET | 1.1.1.1 | 192.168.2.4 | 0xd2b | No error (0) | link.orai.io |  | 172.67.68.60 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:10.170098066 CET | 1.1.1.1 | 192.168.2.4 | 0xaa3c | No error (0) | st3.pro |  | 5.161.200.29 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:22.617120028 CET | 1.1.1.1 | 192.168.2.4 | 0xdae4 | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:22.617120028 CET | 1.1.1.1 | 192.168.2.4 | 0xdae4 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:22.617120028 CET | 1.1.1.1 | 192.168.2.4 | 0xdae4 | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0032.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:22.617120028 CET | 1.1.1.1 | 192.168.2.4 | 0xdae4 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | s-part-0032.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:22.617120028 CET | 1.1.1.1 | 192.168.2.4 | 0xdae4 | No error (0) | s-part-0032.t-0009.t-msedge.net |  | 13.107.246.60 | A (IP address) | IN (0x0001) | false
                                                  • link.orai.io
                                                  • otelrules.svc.static.microsoft
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Mar 7, 2025 19:32:16.399915934 CET | 5.161.200.29 | 443 | 192.168.2.4 | 49728 | CN=st3.pro; CN=R11, O=Let's Encrypt, C=US | CN=R11, O=Let's Encrypt, C=US; CN=ISRG Root X1, O=Internet Security Research Group, C=US | Mon Jan 13 16:48:51 CET 2025; Wed Mar 13 01:00:00 CET 2024 | Sun Apr 13 17:48:50 CEST 2025; Sat Mar 13 00:59:59 CET 2027 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0 | 6271f898ce5be7dd52b0fc260d0662b3
 |  |  |  |  | CN=R11, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027 |  | 
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49727 | 104.26.0.139 | 443 | 7608 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:09 UTC | 234 | OUT | GET /HuK0L2?&belfry=bawdy&language=righteous&gale HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                  Host: link.orai.io
                                                  Connection: Keep-Alive
2025-03-07 18:32:10 UTC | 1044 | IN | HTTP/1.1 302 Found
                                                  Date: Fri, 07 Mar 2025 18:32:09 GMT
                                                  Content-Type: text/plain; charset=utf-8
                                                  Content-Length: 45
                                                  Connection: close
                                                  X-DNS-Prefetch-Control: off
                                                  X-Frame-Options: SAMEORIGIN
                                                  Strict-Transport-Security: max-age=15552000
                                                  X-Download-Options: noopen
                                                  X-Content-Type-Options: nosniff
                                                  X-XSS-Protection: 1; mode=block
                                                  Location: https://st3.pro/lGGvy78
                                                  Vary: Accept
                                                  tech: orai-aws-swarm
                                                  Host-Loaded: swarm
                                                  cf-cache-status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4QKuNWg6jdY8%2FxYOxA%2B5BIz5KaYIoiXMY3E0lFJBzCZ3ZmpQqCvrhuB4D369pJV5GTxUWffFK%2FLbJ5Gq%2F7Gs7cmfSpdblCy4qtemfPd8v2ySPSwx1Lrr9espCwYaw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 91cc2c84cf853b26-IAD
                                                  server-timing: cfL4;desc="?proto=TCP&rtt=36032&min_rtt=27689&rtt_var=13524&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2811&recv_bytes=816&delivery_rate=126886&cwnd=211&unsent_bytes=0&cid=a148dffa06ecdef2&ts=796&x=0"
2025-03-07 18:32:10 UTC | 45 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 73 74 33 2e 70 72 6f 2f 6c 47 47 76 79 37 38
                                                  Data Ascii: Found. Redirecting to https://st3.pro/lGGvy78


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49729 | 13.107.246.60 | 443 | 7608 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:25 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept-Encoding: gzip
                                                  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                  Host: otelrules.svc.static.microsoft
2025-03-07 18:32:26 UTC | 493 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 07 Mar 2025 18:32:25 GMT
                                                  Content-Type: text/plain
                                                  Content-Length: 1114783
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Cache-Control: public
                                                  Last-Modified: Thu, 06 Mar 2025 06:05:34 GMT
                                                  ETag: "0x8DD5C74E888C29E"
                                                  x-ms-request-id: 998ec1a9-a01e-000d-650b-8fd1ea000000
                                                  x-ms-version: 2018-03-28
                                                  x-azure-ref: 20250307T183225Z-168dc45644c6wlwnhC1BL10gd00000000vcg000000014gqy
                                                  x-fd-int-roxy-purgeid: 0
                                                  X-Cache: TCP_HIT
                                                  X-Cache-Info: L1_T2
                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49731 | 13.107.246.60 | 443 | 7608 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:34 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept-Encoding: gzip
                                                  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                  Host: otelrules.svc.static.microsoft
2025-03-07 18:32:35 UTC | 491 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 07 Mar 2025 18:32:35 GMT
                                                  Content-Type: text/xml
                                                  Content-Length: 204
                                                  Connection: close
                                                  Cache-Control: public, max-age=604800, immutable
                                                  Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                  ETag: "0x8DC582BB6C8527A"
                                                  x-ms-request-id: e0ebd78a-201e-000c-5ded-8c79c4000000
                                                  x-ms-version: 2018-03-28
                                                  x-azure-ref: 20250307T183235Z-r16856dc858zbtxhhC1BL14s5c0000000vtg00000000s5ap
                                                  x-fd-int-roxy-purgeid: 0
                                                  X-Cache: TCP_HIT
                                                  X-Cache-Info: L1_T2
                                                  Accept-Ranges: bytes
                                                  2025-03-07 18:32:35 UTC | 204 | IN
                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.4 | 49730 | 13.107.246.60 | 443 | 7608 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2025-03-07 18:32:34 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept-Encoding: gzip
                                                  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                  Host: otelrules.svc.static.microsoft
                                                  2025-03-07 18:32:35 UTC | 515 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 07 Mar 2025 18:32:35 GMT
                                                  Content-Type: text/xml
                                                  Content-Length: 2128
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Cache-Control: public, max-age=604800, immutable
                                                  Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                  ETag: "0x8DC582BA41F3C62"
                                                  x-ms-request-id: 723ff88d-401e-002a-2e1e-8dc62e000000
                                                  x-ms-version: 2018-03-28
                                                  x-azure-ref: 20250307T183235Z-r16856dc858mf6prhC1BL1asz400000009rg00000001esd7
                                                  x-fd-int-roxy-purgeid: 0
                                                  X-Cache: TCP_HIT
                                                  X-Cache-Info: L1_T2
                                                  Accept-Ranges: bytes
                                                  2025-03-07 18:32:35 UTC | 2128 | IN
                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                                                  Target ID:0
                                                  Start time:13:31:12
                                                  Start date:07/03/2025
                                                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                  Imagebase:0x40000
                                                  File size:53'161'064 bytes
                                                  MD5 hash:4A871771235598812032C822E6F68F19
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:12
                                                  Start time:13:32:18
                                                  Start date:07/03/2025
                                                  Path:C:\Windows\splwow64.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\splwow64.exe 12288
                                                  Imagebase:0x7ff7e3730000
                                                  File size:163'840 bytes
                                                  MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:15
                                                  Start time:13:32:44
                                                  Start date:07/03/2025
                                                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Doc9078786968795776764567.xla.xlsx"
                                                  Imagebase:0x40000
                                                  File size:53'161'064 bytes
                                                  MD5 hash:4A871771235598812032C822E6F68F19
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  No disassembly