Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Inquiry.xla.xlsx

Overview

General Information

Sample name:Purchase Inquiry.xla.xlsx
Analysis ID:1635383
MD5:276274b804683f9b015af1af8d4fcd68
SHA1:82c4589b4714ba3682733ca3fc260fdc80ae2465
SHA256:700b86b936426ac3bb8ab4d38d84e3019f7840cdd6340b22f4dd3e358e1a122d
Tags:xlsxuser-lowmal3
Infos:

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 7148 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 8012 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 6888 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 5.161.200.29, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49701
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.8, DestinationIsIpv6: false, DestinationPort: 49701, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 5.161.200.29, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-11T16:20:11.206516+010020283713Unknown Traffic192.168.2.84970413.107.246.67443TCP
2025-03-11T16:20:19.161423+010020283713Unknown Traffic192.168.2.84970713.107.246.67443TCP
2025-03-11T16:20:19.193562+010020283713Unknown Traffic192.168.2.84970613.107.246.67443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: Purchase Inquiry.xla.xlsxAvira: detected
Multi AV Scanner detection for submitted file
Source: Purchase Inquiry.xla.xlsxVirustotal: Detection: 24%Perma Link
Source: Purchase Inquiry.xla.xlsxReversingLabs: Detection: 28%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.8:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.8:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: global trafficDNS query: name: st3.pro
Source: global trafficDNS query: name: link.saja.market
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.8:49701 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.8:49701
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49702 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49702
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.8:49703
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.8:49703 -> 3.39.153.44:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49704 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49704
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 192.168.2.8:49706 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49706
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: global trafficTCP traffic: 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficTCP traffic: 13.107.246.67:443 -> 192.168.2.8:49707
Source: Joe Sandbox ViewIP Address: 13.107.246.67 13.107.246.67
Source: Joe Sandbox ViewIP Address: 3.39.153.44 3.39.153.44
Source: Joe Sandbox ViewIP Address: 5.161.200.29 5.161.200.29
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49704 -> 13.107.246.67:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 13.107.246.67:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 13.107.246.67:443
Source: global trafficHTTP traffic detected: GET /hNjKTUf?&kale=noxious&step-grandfather=large&monsoon HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: st3.proConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: link.saja.market
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: link.saja.market
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /hNjKTUf?&kale=noxious&step-grandfather=large&monsoon HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: st3.proConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: link.saja.market
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: link.saja.market
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: st3.pro
Source: global trafficDNS traffic detected: DNS query: link.saja.market
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 15:20:10 GMTContent-Type: text/html; charset=utf-8Content-Length: 4645Connection: closex-dns-prefetch-control: offx-frame-options: SAMEORIGINstrict-transport-security: max-age=15552000; includeSubDomainsx-download-options: noopenx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-powered-by: Next.jsetag: "1225-W2Ao8CtLz4X2brSH9KxQ4GHunnc"vary: Accept-Encodingx-envoy-upstream-service-time: 20server: istio-envoy
Source: Purchase Inquiry.xla.xlsx, 37E20000.0.drString found in binary or memory: https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonj
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.8:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.8:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.8:49704 version: TLS 1.2

System Summary

barindex
Excel sheet contains many unusual embedded objects
Source: Purchase Inquiry.xla.xlsxOLE: Microsoft Excel 2007+
Source: Purchase Inquiry.xla.xlsxOLE: Microsoft Excel 2007+
Source: 37E20000.0.drOLE: Microsoft Excel 2007+
Source: 37E20000.0.drOLE: Microsoft Excel 2007+
Source: Purchase Inquiry.xla.xlsxStream path 'MBD00938692/\x1Ole' : https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonjmT*cIkfDn$)L?qy9gF~Ck{2-lzwHnQ7rwWkLkm29Vd95SFUayEnuvv2MDi4jprgcg9DAjuc6J8aAgAMJI34VzyIA4hip0jYefPLI53pmk7Enmmv4BbN7pcVELwB3gAqz62rzsr0CAyeLdTlnPAEGV5wyY1KSMdroRyH09VWOLN5V9LliLRxz2bC5ehhfPjyEmPhkp67NVGRb9BstZ9StL8vuD3XcyhsVRtu4pQNEErDaHmJhFYK47MxGrSj6Gd8pBDEFr8K6cedmDPQIt1oD)#eem$ry\V~|vBv
Source: 37E20000.0.drStream path 'MBD00938692/\x1Ole' : https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonjmT*cIkfDn$)L?qy9gF~Ck{2-lzwHnQ7rwWkLkm29Vd95SFUayEnuvv2MDi4jprgcg9DAjuc6J8aAgAMJI34VzyIA4hip0jYefPLI53pmk7Enmmv4BbN7pcVELwB3gAqz62rzsr0CAyeLdTlnPAEGV5wyY1KSMdroRyH09VWOLN5V9LliLRxz2bC5ehhfPjyEmPhkp67NVGRb9BstZ9StL8vuD3XcyhsVRtu4pQNEErDaHmJhFYK47MxGrSj6Gd8pBDEFr8K6cedmDPQIt1oD)#eem$ry\V~|vBv
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'purchase inquiry.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal60.winXLSX@4/8@3/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Purchase Inquiry.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{E8B1B4B0-F877-43C5-89A6-1F70CE6C702B} - OProcSessId.datJump to behavior
Source: Purchase Inquiry.xla.xlsxOLE indicator, Workbook stream: true
Source: 37E20000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: Purchase Inquiry.xla.xlsxVirustotal: Detection: 24%
Source: Purchase Inquiry.xla.xlsxReversingLabs: Detection: 28%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: Purchase Inquiry.xla.xlsxStatic file information: File size 1443840 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: Purchase Inquiry.xla.xlsxInitial sample: OLE indicators vbamacros = False
Source: Purchase Inquiry.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: Purchase Inquiry.xla.xlsxStream path 'Workbook' entropy: 7.97958568577 (max. 8.0)
Source: 37E20000.0.drStream path 'Workbook' entropy: 7.97405446625 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 806Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture14
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Purchase Inquiry.xla.xlsx24%VirustotalBrowse
Purchase Inquiry.xla.xlsx29%ReversingLabsWin32.Exploit.CVE-2017-0199
Purchase Inquiry.xla.xlsx100%AviraEXP/CVE-2017-0199.vvvnm

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://link.saja.market/4040%Avira URL Cloudsafe
https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoon0%Avira URL Cloudsafe
https://link.saja.market/iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology0%Avira URL Cloudsafe
https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonj0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    st3.pro
    		5.161.200.29
    		truefalse
      		high
      s-0005.dual-s-dc-msedge.net
      		52.123.131.14
      		truefalse
        		high
        s-part-0039.t-0009.t-msedge.net
        		13.107.246.67
        		truefalse
          		high
          service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com
          		3.39.153.44
          		truefalse
            		high
            otelrules.svc.static.microsoft
            		unknown
            		unknownfalse
              		high
              link.saja.market
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
                  		high
                  https://link.saja.market/404false
                  • Avira URL Cloud: safe
                  		unknown
                  https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://link.saja.market/iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoologyfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                    		high
                    https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://st3.pro/hNjKTUf?&kale=noxious&step-grandfather=large&monsoonjPurchase Inquiry.xla.xlsx, 37E20000.0.drfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      13.107.246.67
                      		s-part-0039.t-0009.t-msedge.netUnited States
                      		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      3.39.153.44
                      		service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.comUnited States
                      		8987AMAZONEXPANSIONGBfalse
                      5.161.200.29
                      		st3.proGermany
                      		24940HETZNER-ASDEfalse

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1635383
                      Start date and time:2025-03-11 16:17:51 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 28s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsofficecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:19
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Purchase Inquiry.xla.xlsx
                      Detection:MAL
                      Classification:mal60.winXLSX@4/8@3/3
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .xlsx
                      • Found Word or Excel or PowerPoint or XPS Viewer
                      • Attach to Office via COM
                      • Active ActiveX Object
                      • Active ActiveX Object
                      • Scroll down
                      • Close Viewer

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 23.60.203.209, 52.109.89.19, 20.189.173.3, 199.232.214.172, 52.109.76.240, 13.89.179.13, 52.123.131.14, 20.109.210.53, 40.126.31.67
                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, onedscolprdcus21.centralus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdwus02.westus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, config.officeapps.live.
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      11:20:12API Interceptor850x Sleep call for process: splwow64.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      13.107.246.67https://surveymars.com/q/78graAmKoGet hashmaliciousUnknownBrowse
                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                          Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                            840.xlsGet hashmaliciousUnknownBrowse
                              Royal Mail Inland Claim Form V1.3.xlsmGet hashmaliciousUnknownBrowse
                                phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                  desaremix.exeGet hashmaliciousKillMBRBrowse
                                    AccountFactuur8472.xlsmGet hashmaliciousKnowBe4Browse
                                      RFQ-JC25-#595837.xlsxGet hashmaliciousUnknownBrowse
                                        https://onedrive.live.com/redir?resid=5BFC62F3074C4120%21116&authkey=%21AOd_yBhC51KgUHc&page=View&wd=target%28Quick%20Notes.one%7C3c69d085-3af0-472e-a78d-4a68e797d5be%2FLOEB%7C8799eb25-cf12-4e70-a243-200cc3374b83%2F%29&wdorigin=NavigationUrlGet hashmaliciousUnknownBrowse
                                          3.39.153.44Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                            840.xlsGet hashmaliciousUnknownBrowse
                                              840.xlsGet hashmaliciousUnknownBrowse
                                                POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                    POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                      POETDB24-25771.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                          5.161.200.29Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                            Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                  Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                    COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                      Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                          Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                            POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse

                                                                              Domains

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              s-part-0039.t-0009.t-msedge.nethttps://surveymars.com/q/78graAmKoGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              f468369488.exeGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              Royal Mail Inland Claim Form V1.3.xlsmGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                              • 13.107.246.67
                                                                              b.ps1Get hashmaliciousXWormBrowse
                                                                              • 13.107.246.67
                                                                              desaremix.exeGet hashmaliciousKillMBRBrowse
                                                                              • 13.107.246.67
                                                                              MasonRootkit.exeGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              AccountFactuur8472.xlsmGet hashmaliciousKnowBe4Browse
                                                                              • 13.107.246.67
                                                                              s-0005.dual-s-dc-msedge.net20250304_150220_TA6NsGnFKBQP6WuMJfIAtA3XK3ok9HgQ.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.130.14
                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.131.14
                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousKnowBe4Browse
                                                                              • 52.123.130.14
                                                                              phish_alert_sp2_2.0.0.0 (2).emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.131.14
                                                                              Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 52.123.130.14
                                                                              Denise Salvano shared _Kerry Ingredients Flooring Standards_ with you.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.131.14
                                                                              https://xegan4.site/nD4M/dW5.xlsGet hashmaliciousPureLog StealerBrowse
                                                                              • 52.123.130.14
                                                                              VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                              • 52.123.130.14
                                                                              PO202503S.xlsmGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              • 52.123.130.14
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 52.123.130.14
                                                                              bg.microsoft.map.fastly.net32c560c4.msgGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              Message.emlGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 199.232.214.172
                                                                              FW 2025 Employee Retention Agreement e-Sign Memo Reff No0883XFDTX6373KVUQ.msgGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              #rfq=O250116 - #U304a#U3088#U3073#U8cfc#U5165#U5951#U7d04- Offer Z01G-00008D SUPPLY - H64PO.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              • 199.232.214.172
                                                                              Hrwqqnw.exeGet hashmaliciousPureCrypter, AsyncRATBrowse
                                                                              • 199.232.210.172
                                                                              Factuur.pdfGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              PO202503D.xlsmGet hashmaliciousDarkVision RatBrowse
                                                                              • 199.232.214.172
                                                                              U00b7pdf.vbsGet hashmaliciousUnknownBrowse
                                                                              • 199.232.214.172
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 199.232.214.172
                                                                              st3.proRef PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              POETDB24-2577.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              221036299-043825-sanlccjavap0004-6531.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29

                                                                              ASNs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSBozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                                                                              • 13.107.253.72
                                                                              20250304_150220_TA6NsGnFKBQP6WuMJfIAtA3XK3ok9HgQ.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.128.14
                                                                              20250304_150220_TA6NsGnFKBQP6WuMJfIAtA3XK3ok9HgQ.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.130.14
                                                                              Non-Disclosure Agreement Contract.docxGet hashmaliciousUnknownBrowse
                                                                              • 52.109.28.48
                                                                              Non-Disclosure Agreement Contract.docxGet hashmaliciousUnknownBrowse
                                                                              • 13.89.178.27
                                                                              Acct# 427094 _ Plateautel Payment_ XEPOOFUCKD.emlGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                              • 52.109.76.240
                                                                              phish_alert_sp2_2.0.0.0 (2).emlGet hashmaliciousUnknownBrowse
                                                                              • 52.123.131.14
                                                                              Message.emlGet hashmaliciousUnknownBrowse
                                                                              • 52.109.76.243
                                                                              Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.76
                                                                              Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 13.107.253.72
                                                                              HETZNER-ASDESoftwareIdeasProffesionalSetup.msiGet hashmaliciousDanaBotBrowse
                                                                              • 94.130.53.50
                                                                              NetworkVoxControllerSetup.msiGet hashmaliciousDanaBotBrowse
                                                                              • 94.130.53.50
                                                                              AdvancedVovMusicPlayerCommunitySetup.msiGet hashmaliciousDanaBotBrowse
                                                                              • 94.130.53.50
                                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                              • 88.198.246.242
                                                                              https://tfeweb.co.ukGet hashmaliciousUnknownBrowse
                                                                              • 144.76.9.200
                                                                              https://www.pdfskillsapp.com/?campaign_id=21646771397&adgroup_id=161873772890&placement_id=www.calcularareas.com&creative_id=714556735618&utm_source=google_b2c&gad_source=5&gclid=EAIaIQobChMIpeK-juOAjAMVMC5oCB1UKx2YEAEYASAAEgIxqPD_BwEGet hashmaliciousUnknownBrowse
                                                                              • 5.161.255.1
                                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                              • 88.198.246.242
                                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                              • 88.198.246.242
                                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                              • 88.198.246.242
                                                                              na.elfGet hashmaliciousPrometeiBrowse
                                                                              • 88.198.246.242
                                                                              AMAZONEXPANSIONGBBozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                                                                              • 3.39.89.152
                                                                              https://rebrand.ly/8fca12Get hashmaliciousHTMLPhisherBrowse
                                                                              • 3.33.143.57
                                                                              lisontek2.1.exeGet hashmaliciousFormBookBrowse
                                                                              • 3.33.130.190
                                                                              proforma invoice.exeGet hashmaliciousFormBookBrowse
                                                                              • 3.33.130.190
                                                                              http://account.hrblock.comGet hashmaliciousUnknownBrowse
                                                                              • 3.33.235.18
                                                                              https://studiosquicciarini.it/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                              • 3.33.155.121
                                                                              emotet.docGet hashmaliciousUnknownBrowse
                                                                              • 3.33.130.190
                                                                              PAYMENT COPY.exeGet hashmaliciousFormBookBrowse
                                                                              • 3.33.130.190
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 3.39.89.152
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 3.39.153.44

                                                                              JA3 Fingerprints

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              6271f898ce5be7dd52b0fc260d0662b3Bozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              PO202503D.xlsmGet hashmaliciousDarkVision RatBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              PO202503S.xlsmGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              https://ai.omeclk.com/portal/wts/ug%5Ecmsb8As6bbOewDczQAzqeq-sjswaGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              f468369488.exeGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                                              • 5.161.200.29
                                                                              • 3.39.153.44
                                                                              a0e9f5d64349fb13191bc781f81f42e1Bozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              publicpublicpublic.xll.ps1Get hashmaliciousLummaC StealerBrowse
                                                                              • 13.107.246.67
                                                                              Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeGet hashmaliciousPrivateLoaderBrowse
                                                                              • 13.107.246.67
                                                                              SecuriteInfo.com.Win32.MalwareX-gen.1567.5483.exeGet hashmaliciousLummaC StealerBrowse
                                                                              • 13.107.246.67
                                                                              SecuriteInfo.com.Trojan.PWS.Lumma.1819.32357.4325.exeGet hashmaliciousLummaC StealerBrowse
                                                                              • 13.107.246.67
                                                                              PO202503D.xlsmGet hashmaliciousDarkVision RatBrowse
                                                                              • 13.107.246.67
                                                                              PO202503S.xlsmGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                              • 13.107.246.67
                                                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                                              • 13.107.246.67
                                                                              kcDXTU4FJm.exeGet hashmaliciousLummaC StealerBrowse
                                                                              • 13.107.246.67

                                                                              Dropped Files

                                                                              No context

                                                                              Created / dropped Files

                                                                              C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):118
                                                                              Entropy (8bit):3.5700810731231707
                                                                              Encrypted:false
                                                                              SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                              MD5:573220372DA4ED487441611079B623CD
                                                                              SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                              SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                              SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                              C:\Users\user\AppData\Local\Temp\96E6EB79.tmp

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):784
                                                                              Entropy (8bit):2.7137690747287806
                                                                              Encrypted:false
                                                                              SSDEEP:24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
                                                                              MD5:09F73B3902CD3D88E04312787956B654
                                                                              SHA1:A6C275F1A65DB02D8A752C614C27E88326447C41
                                                                              SHA-256:72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
                                                                              SHA-512:6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                                                                              C:\Users\user\AppData\Local\Temp\~DF09C7987194C8D97F.TMP

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):675840
                                                                              Entropy (8bit):0.658948567426688
                                                                              Encrypted:false
                                                                              SSDEEP:1536:7CCCh/88zeJPtV8S1Qv8sbckzQoegOya/WW/9BZ7VU:mOyrW/9BZS
                                                                              MD5:08B646E1AA3C4D67F4CA43D4502F5027
                                                                              SHA1:CAECE924A4145F7F778BD5D496C878E3A9187EB8
                                                                              SHA-256:F5980432AD64AB271D3BED9364B91FB695788FA34849DE854E536B5C3CE41095
                                                                              SHA-512:5B14319B55DF59E78B20A8CD2B4DA020CDF92BD0B3D7042FEC9D664C6DC6C7F6DD4C43064B6CBF6C1B84E2E3FCD1148537EB17F00A5A226964EA306C9F65868C
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\AppData\Local\Temp\~DFE3A6AF492158A37B.TMP

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\Desktop\37E20000

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 11 15:20:32 2025, Security: 1
                                                                              Category:dropped
                                                                              Size (bytes):1272832
                                                                              Entropy (8bit):7.872217778705129
                                                                              Encrypted:false
                                                                              SSDEEP:24576:jLDfEc/yraCIhIFly2G7qXHFBkb82yjaQIaPYWFDh1RJAV8ySrxI:bjyGdhIFdGcFB682yjaQImLJhNI
                                                                              MD5:6C29420999C8912D2981B5305ED6C603
                                                                              SHA1:1BA913D0239B21E1258C0550E97DEE18B24982E7
                                                                              SHA-256:90C69DDCB06EEB40053296176D7F3CA6E121471F61624A79992D576FF480C8A0
                                                                              SHA-512:878875FCFAF84B16460182E5F0821CE13792CD366CB290A980FC11CC87784158EC2CF47761747AC38CC1CA81BF690F2188039DD2675A6A9A7DAB4287C0FA965D
                                                                              Malicious:false
                                                                              Preview:......................>.......................................................Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...s...............................................................................................................................................................................................................................................................................................................................................................................&.......O........................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...............................................................................d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                              C:\Users\user\Desktop\37E20000:Zone.Identifier

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:false
                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                              C:\Users\user\Desktop\Purchase Inquiry.xla.xls (copy)

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 11 15:20:32 2025, Security: 1
                                                                              Category:dropped
                                                                              Size (bytes):1272832
                                                                              Entropy (8bit):7.872217778705129
                                                                              Encrypted:false
                                                                              SSDEEP:24576:jLDfEc/yraCIhIFly2G7qXHFBkb82yjaQIaPYWFDh1RJAV8ySrxI:bjyGdhIFdGcFB682yjaQImLJhNI
                                                                              MD5:6C29420999C8912D2981B5305ED6C603
                                                                              SHA1:1BA913D0239B21E1258C0550E97DEE18B24982E7
                                                                              SHA-256:90C69DDCB06EEB40053296176D7F3CA6E121471F61624A79992D576FF480C8A0
                                                                              SHA-512:878875FCFAF84B16460182E5F0821CE13792CD366CB290A980FC11CC87784158EC2CF47761747AC38CC1CA81BF690F2188039DD2675A6A9A7DAB4287C0FA965D
                                                                              Malicious:false
                                                                              Preview:......................>.......................................................Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...s...............................................................................................................................................................................................................................................................................................................................................................................&.......O........................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...............................................................................d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                              C:\Users\user\Desktop\~$Purchase Inquiry.xla.xlsx

                                                                              Download File
                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):165
                                                                              Entropy (8bit):1.5231029153786204
                                                                              Encrypted:false
                                                                              SSDEEP:3:WH25nJFV:WH2/
                                                                              MD5:FB5ABAA34A0BB284B640327B9745AAAC
                                                                              SHA1:7E1063A0F1DE0E83424399F104C1D3752BFAECDE
                                                                              SHA-256:12464C713EE2E0CBBDCF98FACF8AC034D34A9F4D221D7BB7A5C7D458AAEC0AF9
                                                                              SHA-512:0FB235A4475D72D9BB6A195F6DFE471152B91F6DE0967D4174298D0A3C228BFF0ED57F0A5F388833A7793BD90F6CA0D5A974D21D795938D8D96C079AB5D99294
                                                                              Malicious:true
                                                                              Preview:.user ..h.u.b.e.r.t. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                              Static File Info

                                                                              General

                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 11 01:22:06 2025, Security: 1
                                                                              Entropy (8bit):7.606440722640607
                                                                              TrID:
                                                                              • Microsoft Excel sheet (30009/1) 78.94%
                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                              File name:Purchase Inquiry.xla.xlsx
                                                                              File size:1'443'840 bytes
                                                                              MD5:276274b804683f9b015af1af8d4fcd68
                                                                              SHA1:82c4589b4714ba3682733ca3fc260fdc80ae2465
                                                                              SHA256:700b86b936426ac3bb8ab4d38d84e3019f7840cdd6340b22f4dd3e358e1a122d
                                                                              SHA512:15dde9280e040866476bd0b45549b12b20f1f6cc2e40642b055ba88d04ba3ebc2445c73ef328b16f33fa4d13a68d9025fcbfda688b565c31b56793678947f149
                                                                              SSDEEP:24576:aLDfEc/yraCIhIFly2G7qXHFBkb82yjaQIaPYWFDh1RJAV8L:UjyGdhIFdGcFB682yjaQImLJh
                                                                              TLSH:5565E105BF809B17E4A455B049E78EAD0668EC44EF544E1F325CF32D3DB23742E6BA68
                                                                              File Content Preview:........................>.......................................................I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...G...H...I..............................................................................................

                                                                              File Icon

                                                                              Icon Hash:35e58a8c0c8a85b9

                                                                              Static OLE Info

                                                                              General

                                                                              Document Type:OLE
                                                                              Number of OLE Files:1

                                                                              OLE File "Purchase Inquiry.xla.xlsx"

                                                                              Indicators
                                                                              Has Summary Info:
                                                                              Application Name:Microsoft Excel
                                                                              Encrypted Document:True
                                                                              Contains Word Document Stream:False
                                                                              Contains Workbook/Book Stream:True
                                                                              Contains PowerPoint Document Stream:False
                                                                              Contains Visio Document Stream:False
                                                                              Contains ObjectPool Stream:False
                                                                              Flash Objects Count:0
                                                                              Contains VBA Macros:False
                                                                              Summary
                                                                              Code Page:1252
                                                                              Author:
                                                                              Last Saved By:
                                                                              Create Time:2006-09-16 00:00:00
                                                                              Last Saved Time:2025-03-11 01:22:06
                                                                              Creating Application:Microsoft Excel
                                                                              Security:1
                                                                              Document Summary
                                                                              Document Code Page:1252
                                                                              Thumbnail Scaling Desired:False
                                                                              Contains Dirty Links:False
                                                                              Shared Document:False
                                                                              Changed Hyperlinks:False
                                                                              Application Version:786432

                                                                              Streams

                                                                              Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                                              General
                                                                              Stream Path:\x1CompObj
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:114
                                                                              Entropy:4.25248375192737
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                                              General
                                                                              Stream Path:\x5DocumentSummaryInformation
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:244
                                                                              Entropy:2.889430592781307
                                                                              Base64 Encoded:False
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                                              Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                                              General
                                                                              Stream Path:\x5SummaryInformation
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:200
                                                                              Entropy:3.2185724163189633
                                                                              Base64 Encoded:False
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . Z . $ . . . . . . . . .
                                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                                              Stream Path: MBD00938691/\x1CompObj, File Type: data, Stream Size: 114
                                                                              General
                                                                              Stream Path:MBD00938691/\x1CompObj
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:114
                                                                              Entropy:4.25248375192737
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: MBD00938691/\x5DocumentSummaryInformation, File Type: data, Stream Size: 560
                                                                              General
                                                                              Stream Path:MBD00938691/\x5DocumentSummaryInformation
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:560
                                                                              Entropy:3.3879366798911743
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 8c 01 00 00 48 01 00 00 10 00 00 00 01 00 00 00 88 00 00 00 03 00 00 00 90 00 00 00 05 00 00 00 9c 00 00 00 06 00 00 00 a4 00 00 00 07 00 00 00 ac 00 00 00 08 00 00 00 b4 00 00 00 09 00 00 00
                                                                              Stream Path: MBD00938691/\x5SummaryInformation, File Type: data, Stream Size: 169088
                                                                              General
                                                                              Stream Path:MBD00938691/\x5SummaryInformation
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:169088
                                                                              Entropy:3.242943699085938
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . P . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . 1 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . . g . @ . . . . . . Q < . . @ . . . .
                                                                              Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 50 94 02 00 0e 00 00 00 01 00 00 00 78 00 00 00 04 00 00 00 80 00 00 00 07 00 00 00 94 00 00 00 08 00 00 00 a0 00 00 00 09 00 00 00 b0 00 00 00 12 00 00 00 bc 00 00 00 0b 00 00 00 d4 00 00 00 0c 00 00 00 e0 00 00 00 0d 00 00 00 ec 00 00 00
                                                                              Stream Path: MBD00938691/MBD009374CA/\x1CompObj, File Type: data, Stream Size: 114
                                                                              General
                                                                              Stream Path:MBD00938691/MBD009374CA/\x1CompObj
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:114
                                                                              Entropy:4.219515110876372
                                                                              Base64 Encoded:False
                                                                              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: MBD00938691/MBD009374CA/Package, File Type: Microsoft Excel 2007+, Stream Size: 1147991
                                                                              General
                                                                              Stream Path:MBD00938691/MBD009374CA/Package
                                                                              CLSID:
                                                                              File Type:Microsoft Excel 2007+
                                                                              Stream Size:1147991
                                                                              Entropy:7.8858098387040725
                                                                              Base64 Encoded:True
                                                                              Data ASCII:P K . . . . . . . . . . ! . b ( ( . . . l . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 62 89 28 28 aa 01 00 00 6c 06 00 00 13 00 d5 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 d1 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: MBD00938691/MBD00937B55/\x1CompObj, File Type: data, Stream Size: 114
                                                                              General
                                                                              Stream Path:MBD00938691/MBD00937B55/\x1CompObj
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:114
                                                                              Entropy:4.219515110876372
                                                                              Base64 Encoded:False
                                                                              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                              Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: MBD00938691/MBD00937B55/Package, File Type: Microsoft Excel 2007+, Stream Size: 19563
                                                                              General
                                                                              Stream Path:MBD00938691/MBD00937B55/Package
                                                                              CLSID:
                                                                              File Type:Microsoft Excel 2007+
                                                                              Stream Size:19563
                                                                              Entropy:7.559019050311009
                                                                              Base64 Encoded:True
                                                                              Data ASCII:P K . . . . . . . . . . ! . . z > . . . 8 . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                              Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c1 0c 7a 3e 86 01 00 00 38 05 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                              Stream Path: MBD00938691/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 34717
                                                                              General
                                                                              Stream Path:MBD00938691/Workbook
                                                                              CLSID:
                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                              Stream Size:34717
                                                                              Entropy:5.594043806360197
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . Z T 0 8 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . .
                                                                              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                              Stream Path: MBD00938692/\x1Ole, File Type: data, Stream Size: 826
                                                                              General
                                                                              Stream Path:MBD00938692/\x1Ole
                                                                              CLSID:
                                                                              File Type:data
                                                                              Stream Size:826
                                                                              Entropy:4.7890076969976
                                                                              Base64 Encoded:False
                                                                              Data ASCII:. . . . . p 6 . ! q . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . s . t . 3 . . . p . r . o . / . h . N . j . K . T . U . f . ? . & . k . a . l . e . = . n . o . x . i . o . u . s . & . s . t . e . p . - . g . r . a . n . d . f . a . t . h . e . r . = . l . a . r . g . e . & . m . o . n . s . o . o . n . . . j . . m T * . c . I . k f D . n . . $ . ) L . ? q . . y . 9 . . g F . ~ C k { 2 . - l z . . . . . . . . . . . . . . . . . . . w . H . n . Q . 7 . r . w . W . k . L . k
                                                                              Data Raw:01 00 00 02 03 70 ad 36 dd 92 21 71 00 00 00 00 00 00 00 00 00 00 00 00 e4 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b e0 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 73 00 74 00 33 00 2e 00 70 00 72 00 6f 00 2f 00 68 00 4e 00 6a 00 4b 00 54 00 55 00 66 00 3f 00 26 00 6b 00 61 00 6c 00 65 00 3d 00 6e 00 6f 00 78 00 69 00 6f 00 75 00 73 00 26 00 73 00 74 00
                                                                              Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 52823
                                                                              General
                                                                              Stream Path:Workbook
                                                                              CLSID:
                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                              Stream Size:52823
                                                                              Entropy:7.979585685771197
                                                                              Base64 Encoded:True
                                                                              Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . A { t . . \\ & . | . H s 8 [ z ! O ` . + . . . . . . . . . . . . ] . . . \\ . p . + 7 . % 9 ] . . T z a | A . K K \\ . Z 2 U . e 2 . % ' 7 F q . < . d . a o . } . . c { . ~ v m > . } u . . . S + o X . ! E ! . a B . . . . a . . . . . . . . = . . . g . . . . , . o F b 2 E B . . . . + . . . . . . . . . C . . . . / H . . . $ . . . . = . . . ^ . . . u } l b = @ . . . > . . . _ 5 " . . . 8 k . . . . g . . . 4 . . . 1 . . . S Z i . i X . . s . t . . } 1 . . . .
                                                                              Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 41 7b 20 b0 92 74 af d3 a9 b4 84 c9 f0 a4 dd a8 c9 5c de 26 a2 da a3 7c 0b 48 73 97 ac 38 5b d4 f5 f3 de 7a 21 f5 d2 4f 82 fa 60 cb 1c 2b f7 d5 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 18 5d e2 00 00 00 5c 00 70 00 2b 37 9e 18 95 25 ad b1 39 5d e2 ea e1 a9 83 0a b3 9f 54 7a 61 dc 7c ad 41 0c

                                                                              Network Behavior

                                                                              Suricata IDS Alerts

                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                              2025-03-11T16:20:11.206516+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84970413.107.246.67443TCP
                                                                              2025-03-11T16:20:19.161423+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84970713.107.246.67443TCP
                                                                              2025-03-11T16:20:19.193562+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84970613.107.246.67443TCP

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Mar 11, 2025 16:20:01.785345078 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:01.785397053 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:01.785468102 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:01.785753012 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:01.785764933 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:03.597927094 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:03.598059893 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:03.615900040 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:03.615920067 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:03.616240978 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:03.616296053 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:03.617120981 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:03.664329052 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:04.137221098 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:04.137281895 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:04.137291908 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:04.137303114 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:04.137331963 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:04.137357950 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:04.148514032 CET49701443192.168.2.85.161.200.29
                                                                              Mar 11, 2025 16:20:04.148528099 CET443497015.161.200.29192.168.2.8
                                                                              Mar 11, 2025 16:20:04.203588963 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:04.203624964 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:04.204365969 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:04.204365969 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:04.204396009 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.032169104 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.032351971 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.036195040 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.036205053 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.036492109 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.037393093 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.037394047 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.080318928 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.711117029 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.711220026 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.711312056 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.711415052 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.720429897 CET49702443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.720448971 CET443497023.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.721329927 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.721364021 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:07.721438885 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.721647978 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:07.721661091 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:09.099214077 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:09.099276066 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:09.099350929 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:09.099647999 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:09.099663019 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:10.047039032 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.047179937 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.047689915 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.047705889 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.047898054 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.047904015 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.936959982 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.936990976 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.937072039 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.937124968 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.937153101 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.937963009 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.937982082 CET443497033.39.153.44192.168.2.8
                                                                              Mar 11, 2025 16:20:10.937995911 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:10.938029051 CET49703443192.168.2.83.39.153.44
                                                                              Mar 11, 2025 16:20:11.206384897 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.206516027 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.208154917 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.208173037 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.208483934 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.209608078 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.252324104 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.762430906 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.762471914 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.762487888 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.762535095 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.762557983 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.762568951 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.762600899 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.848843098 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.848867893 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.848923922 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.848946095 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.848978043 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.848998070 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.905101061 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.905124903 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.905190945 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.905208111 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.905235052 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.905253887 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.930418968 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.930438995 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.930511951 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.930526018 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.930563927 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.981513023 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.981533051 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.981600046 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:11.981631041 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:11.981667995 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.010477066 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.010509014 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.010548115 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.010607004 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.010615110 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.010649920 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.046003103 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.046030998 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.046084881 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.046114922 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.046138048 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.046159029 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.064707994 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.064730883 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.064806938 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.064834118 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.064903021 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.068882942 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.068900108 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.068960905 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.068970919 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.069009066 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.079586029 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.079605103 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.079651117 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.079658985 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.079699993 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.096344948 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.096406937 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.096425056 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.096431971 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.096472979 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.111726046 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.111807108 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.113121986 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.113178968 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.122657061 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.122720003 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.122739077 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.122745991 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.122790098 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.137350082 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.137413979 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.137430906 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.137439966 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.137466908 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.137485981 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.151613951 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.151654005 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.151693106 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.151700974 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.151741028 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.151760101 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.163418055 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.163439035 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.163481951 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.163490057 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.163525105 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.185837984 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.185862064 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.185906887 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.185913086 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.185952902 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.186753988 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.186770916 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.186820030 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.186825991 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.186857939 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.191529036 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.191548109 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.191591024 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.191596985 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.191637993 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.206814051 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.206831932 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.206899881 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.206907988 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.206943035 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.224176884 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.224196911 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.224337101 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.224344969 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.224394083 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.231180906 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.231199980 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.231272936 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.231281042 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.231446981 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.236124992 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.236140966 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.236215115 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.236222982 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.236258984 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.248097897 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.248116016 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.248197079 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.248204947 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.248234987 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.259134054 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.259152889 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.259207964 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.259218931 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.259259939 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.268959045 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.268995047 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.269082069 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.269095898 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.269140005 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.277693033 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.277715921 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.277786970 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.277798891 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.277847052 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.288075924 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.288100958 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.288183928 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.288191080 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.288233042 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.311646938 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.311677933 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.311784983 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.311800957 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.311846018 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.318788052 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.318818092 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.318888903 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.318906069 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.318948030 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.324915886 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.324934959 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.325000048 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.325014114 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.325052023 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.343204021 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.343221903 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.343296051 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.343308926 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.343350887 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.357738972 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.357757092 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.357814074 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.357820988 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.357857943 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.370821953 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.370846987 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.370939016 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.370950937 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.371088982 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.387428045 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.387456894 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.387491941 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.387499094 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.387537003 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.396826029 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.396855116 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.396891117 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.396903038 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.396918058 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.396936893 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.401873112 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.401895046 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.401937008 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.401947975 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.401976109 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.401995897 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.405649900 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.405668974 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.405745029 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.405750990 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.405786991 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.411921024 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.411948919 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.412019014 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.412024021 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.412060976 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.430362940 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.430383921 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.430464029 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.430469990 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.430510998 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.444238901 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.444269896 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.444370031 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.444389105 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.444432974 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.457158089 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.457186937 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.457273960 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.457283020 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.457323074 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.474402905 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.474427938 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.474513054 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.474538088 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.474585056 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.483690977 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.483715057 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.483798981 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.483808041 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.483854055 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.488802910 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.488835096 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.488887072 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.488895893 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.488945007 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.489105940 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.492589951 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.492610931 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.492677927 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.492690086 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.492731094 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.503381014 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.503407955 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.503499031 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.503506899 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.503550053 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.547542095 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.547574043 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.547698021 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.547724009 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.547770977 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.565438986 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.565465927 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.565668106 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.565701008 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.565752029 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.587038994 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.587071896 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.587261915 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.587279081 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.587348938 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.610901117 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.610929966 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.611016989 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.611032009 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.611078978 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.623014927 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.623047113 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.623114109 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.623126030 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.623155117 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.623173952 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.624315977 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.624344110 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.624383926 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.624392986 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.624419928 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.624439955 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.625051975 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.625081062 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.625123978 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.625133038 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.625164032 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.625176907 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.628649950 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.628668070 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.628724098 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.628735065 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.628777981 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.645530939 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.645550966 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.645627975 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.645638943 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.645678997 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.652472973 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.652491093 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.652548075 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.652558088 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.652599096 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.673865080 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.673892975 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.673969984 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.673979044 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.674021006 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.697777987 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.697797060 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.697879076 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.697890043 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.697938919 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.709781885 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.709806919 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.709880114 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.709914923 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.710180044 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.711543083 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.711574078 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.711662054 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.711675882 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.711795092 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.712371111 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.712393999 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.712455034 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.712466955 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.712519884 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.715501070 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.715518951 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.715616941 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.715624094 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.715670109 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.732604980 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.732625961 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.732774973 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.732805014 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.732882023 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.739377022 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.739394903 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.739466906 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.739483118 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.739582062 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.761269093 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.761287928 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.761428118 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.761446953 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.761531115 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.787440062 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.787471056 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.787622929 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.787642002 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.787765026 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.802526951 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.802546024 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.802587032 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.802654982 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.802772045 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.803019047 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.803036928 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:12.803055048 CET49704443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:12.803060055 CET4434970413.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:17.006465912 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.006546974 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:17.006700993 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.006920099 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.006936073 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:17.007436037 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.007472992 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:17.007785082 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.007946968 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:17.007958889 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.160927057 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.161422968 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.161439896 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.162405968 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.162410975 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.192965984 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.193562031 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.193587065 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.194400072 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.194406986 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.761567116 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.761598110 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.761678934 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.761679888 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.761739016 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.761982918 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.762001038 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.762016058 CET49706443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.762025118 CET4434970613.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.807084084 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.807168961 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.807220936 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.807441950 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.807456017 CET4434970713.107.246.67192.168.2.8
                                                                              Mar 11, 2025 16:20:19.807529926 CET49707443192.168.2.813.107.246.67
                                                                              Mar 11, 2025 16:20:19.807535887 CET4434970713.107.246.67192.168.2.8

                                                                              UDP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Mar 11, 2025 16:20:01.765172958 CET5606953192.168.2.81.1.1.1
                                                                              Mar 11, 2025 16:20:01.784583092 CET53560691.1.1.1192.168.2.8
                                                                              Mar 11, 2025 16:20:04.154896021 CET6300053192.168.2.81.1.1.1
                                                                              Mar 11, 2025 16:20:04.202733994 CET53630001.1.1.1192.168.2.8
                                                                              Mar 11, 2025 16:20:09.090856075 CET6378853192.168.2.81.1.1.1
                                                                              Mar 11, 2025 16:20:09.098372936 CET53637881.1.1.1192.168.2.8

                                                                              DNS Queries

                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                              Mar 11, 2025 16:20:01.765172958 CET192.168.2.81.1.1.10xd3ffStandard query (0)st3.proA (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:04.154896021 CET192.168.2.81.1.1.10xd55dStandard query (0)link.saja.marketA (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.090856075 CET192.168.2.81.1.1.10x4b8dStandard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                                                                              DNS Answers

                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                              Mar 11, 2025 16:19:07.289474964 CET1.1.1.1192.168.2.80x4f4cNo error (0)ecs-office.s-0005.dual-s-msedge.netshed.s-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:19:07.289474964 CET1.1.1.1192.168.2.80x4f4cNo error (0)shed.s-0005.dual-s-dc-msedge.nets-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:19:07.289474964 CET1.1.1.1192.168.2.80x4f4cNo error (0)s-0005.dual-s-dc-msedge.net52.123.131.14A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:19:07.289474964 CET1.1.1.1192.168.2.80x4f4cNo error (0)s-0005.dual-s-dc-msedge.net52.123.130.14A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:19:14.899504900 CET1.1.1.1192.168.2.80x4257No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:19:14.899504900 CET1.1.1.1192.168.2.80x4257No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:01.784583092 CET1.1.1.1192.168.2.80xd3ffNo error (0)st3.pro5.161.200.29A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:04.202733994 CET1.1.1.1192.168.2.80xd55dNo error (0)link.saja.marketistio.saja.marketCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:04.202733994 CET1.1.1.1192.168.2.80xd55dNo error (0)istio.saja.marketservice-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:04.202733994 CET1.1.1.1192.168.2.80xd55dNo error (0)service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com3.39.153.44A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:04.202733994 CET1.1.1.1192.168.2.80xd55dNo error (0)service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com3.39.89.152A (IP address)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.098372936 CET1.1.1.1192.168.2.80x4b8dNo error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.098372936 CET1.1.1.1192.168.2.80x4b8dNo error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.098372936 CET1.1.1.1192.168.2.80x4b8dNo error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0039.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.098372936 CET1.1.1.1192.168.2.80x4b8dNo error (0)shed.dual-low.s-part-0039.t-0009.t-msedge.nets-part-0039.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                              Mar 11, 2025 16:20:09.098372936 CET1.1.1.1192.168.2.80x4b8dNo error (0)s-part-0039.t-0009.t-msedge.net13.107.246.67A (IP address)IN (0x0001)false

                                                                              HTTP Request Dependency Graph

                                                                              • st3.pro
                                                                              • link.saja.market
                                                                              • otelrules.svc.static.microsoft

                                                                              HTTPS Proxied Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              0192.168.2.8497015.161.200.294437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:03 UTC237OUTGET /hNjKTUf?&kale=noxious&step-grandfather=large&monsoon HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                              Host: st3.pro
                                                                              Connection: Keep-Alive
                                                                              2025-03-11 15:20:04 UTC471INHTTP/1.1 302 Found
                                                                              Content-Length: 111
                                                                              Content-Type: text/plain; charset=utf-8
                                                                              Date: Tue, 11 Mar 2025 15:20:03 GMT
                                                                              Location: https://link.saja.market/iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology
                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                              Vary: Accept
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Dns-Prefetch-Control: off
                                                                              X-Download-Options: noopen
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              X-Xss-Protection: 1; mode=block
                                                                              Connection: close
                                                                              2025-03-11 15:20:04 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 6c 69 6e 6b 2e 73 61 6a 61 2e 6d 61 72 6b 65 74 2f 69 41 41 38 59 4a 59 44 6c 68 3f 26 73 70 65 63 69 66 69 63 3d 76 65 72 64 61 6e 74 26 70 61 6e 74 73 3d 70 61 73 74 6f 72 61 6c 26 73 74 69 6e 67 65 72 3d 66 61 73 74 26 7a 6f 6f 6c 6f 67 79
                                                                              Data Ascii: Found. Redirecting to https://link.saja.market/iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              1192.168.2.8497023.39.153.444437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:07 UTC258OUTGET /iAA8YJYDlh?&specific=verdant&pants=pastoral&stinger=fast&zoology HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                              Connection: Keep-Alive
                                                                              Host: link.saja.market
                                                                              2025-03-11 15:20:07 UTC452INHTTP/1.1 301 Moved Permanently
                                                                              Date: Tue, 11 Mar 2025 15:20:07 GMT
                                                                              Content-Type: text/plain; charset=utf-8
                                                                              Content-Length: 38
                                                                              Connection: close
                                                                              x-dns-prefetch-control: off
                                                                              x-frame-options: SAMEORIGIN
                                                                              strict-transport-security: max-age=15552000; includeSubDomains
                                                                              x-download-options: noopen
                                                                              x-content-type-options: nosniff
                                                                              x-xss-protection: 1; mode=block
                                                                              location: /404
                                                                              vary: Accept
                                                                              x-envoy-upstream-service-time: 5
                                                                              server: istio-envoy
                                                                              2025-03-11 15:20:07 UTC38INData Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 34 30 34
                                                                              Data Ascii: Moved Permanently. Redirecting to /404


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              2192.168.2.8497033.39.153.444437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:10 UTC197OUTGET /404 HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                              Connection: Keep-Alive
                                                                              Host: link.saja.market
                                                                              2025-03-11 15:20:10 UTC504INHTTP/1.1 404 Not Found
                                                                              Date: Tue, 11 Mar 2025 15:20:10 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 4645
                                                                              Connection: close
                                                                              x-dns-prefetch-control: off
                                                                              x-frame-options: SAMEORIGIN
                                                                              strict-transport-security: max-age=15552000; includeSubDomains
                                                                              x-download-options: noopen
                                                                              x-content-type-options: nosniff
                                                                              x-xss-protection: 1; mode=block
                                                                              x-powered-by: Next.js
                                                                              etag: "1225-W2Ao8CtLz4X2brSH9KxQ4GHunnc"
                                                                              vary: Accept-Encoding
                                                                              x-envoy-upstream-service-time: 20
                                                                              server: istio-envoy
                                                                              2025-03-11 15:20:10 UTC4645INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 75 6e 64 65 66 69 6e 65 64 20 69 73 20 61 20 66 72 65 65 20 61 6e 64 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 55 52 4c 20 73 68 6f 72 74 65 6e 65 72 20 77 69 74 68 20 63 75 73 74 6f 6d 20 64 6f 6d 61 69 6e 73 20 61 6e
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/><meta name="description" content="undefined is a free and open source URL shortener with custom domains an


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              3192.168.2.84970413.107.246.674437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:11 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept-Encoding: gzip
                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                                              Host: otelrules.svc.static.microsoft
                                                                              2025-03-11 15:20:11 UTC493INHTTP/1.1 200 OK
                                                                              Date: Tue, 11 Mar 2025 15:20:11 GMT
                                                                              Content-Type: text/plain
                                                                              Content-Length: 1114783
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Cache-Control: public
                                                                              Last-Modified: Mon, 10 Mar 2025 13:15:17 GMT
                                                                              ETag: "0x8DD5FD59A686EBF"
                                                                              x-ms-request-id: 66fb9c54-901e-00ac-2679-92b69e000000
                                                                              x-ms-version: 2018-03-28
                                                                              x-azure-ref: 20250311T152011Z-178d6db7786z4lbrhC1MIA19tw00000003q000000000448k
                                                                              x-fd-int-roxy-purgeid: 0
                                                                              X-Cache-Info: L1_T2
                                                                              X-Cache: TCP_HIT
                                                                              Accept-Ranges: bytes
                                                                              2025-03-11 15:20:11 UTC15891INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                                                                              Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                                                                              2025-03-11 15:20:11 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32
                                                                              Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
                                                                              2025-03-11 15:20:11 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 49 33 32
                                                                              Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
                                                                              2025-03-11 15:20:11 UTC16384INData Raw: 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                              Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
                                                                              2025-03-11 15:20:11 UTC16384INData Raw: 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54
                                                                              Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
                                                                              2025-03-11 15:20:12 UTC16384INData Raw: 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32 33 2d 30 61 66 39 2d
                                                                              Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
                                                                              2025-03-11 15:20:12 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                                                                              Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                                                                              2025-03-11 15:20:12 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                                                                              Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                                                                              2025-03-11 15:20:12 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                                                                              Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                                                              2025-03-11 15:20:12 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                                                              Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              4192.168.2.84970713.107.246.674437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:19 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept-Encoding: gzip
                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                                              Host: otelrules.svc.static.microsoft
                                                                              2025-03-11 15:20:19 UTC498INHTTP/1.1 200 OK
                                                                              Date: Tue, 11 Mar 2025 15:20:19 GMT
                                                                              Content-Type: text/xml
                                                                              Content-Length: 204
                                                                              Connection: close
                                                                              Cache-Control: public, max-age=604800, immutable
                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                              ETag: "0x8DC582BB6C8527A"
                                                                              x-ms-request-id: 15746ebb-501e-0029-4a07-92d0b8000000
                                                                              x-ms-version: 2018-03-28
                                                                              x-azure-ref: 20250311T152019Z-178d6db7786h4wrlhC1MIAzk800000000dsg00000000zbbw
                                                                              x-fd-int-roxy-purgeid: 0
                                                                              X-Cache-Info: L2_T2
                                                                              X-Cache: TCP_REMOTE_HIT
                                                                              Accept-Ranges: bytes
                                                                              2025-03-11 15:20:19 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              5192.168.2.84970613.107.246.674437148C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              TimestampBytes transferredDirectionData
                                                                              2025-03-11 15:20:19 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept-Encoding: gzip
                                                                              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                                              Host: otelrules.svc.static.microsoft
                                                                              2025-03-11 15:20:19 UTC522INHTTP/1.1 200 OK
                                                                              Date: Tue, 11 Mar 2025 15:20:19 GMT
                                                                              Content-Type: text/xml
                                                                              Content-Length: 2128
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Cache-Control: public, max-age=604800, immutable
                                                                              Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                              ETag: "0x8DC582BA41F3C62"
                                                                              x-ms-request-id: 06700576-401e-00a3-4514-928b09000000
                                                                              x-ms-version: 2018-03-28
                                                                              x-azure-ref: 20250311T152019Z-178d6db77866gf7thC1MIAyt2g000000055g00000000f2fr
                                                                              x-fd-int-roxy-purgeid: 0
                                                                              X-Cache-Info: L2_T2
                                                                              X-Cache: TCP_REMOTE_HIT
                                                                              Accept-Ranges: bytes
                                                                              2025-03-11 15:20:19 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                                                                              Statistics

                                                                              CPU Usage

                                                                              Click to jump to process

                                                                              Memory Usage

                                                                              Click to jump to process

                                                                              High Level Behavior Distribution

                                                                              Click to dive into process behavior distribution

                                                                              Behavior

                                                                              Click to jump to process

                                                                              System Behavior

                                                                              General

                                                                              Target ID:0
                                                                              Start time:11:19:00
                                                                              Start date:11/03/2025
                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                              Imagebase:0x730000
                                                                              File size:53'161'064 bytes
                                                                              MD5 hash:4A871771235598812032C822E6F68F19
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:12
                                                                              Start time:11:20:12
                                                                              Start date:11/03/2025
                                                                              Path:C:\Windows\splwow64.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\splwow64.exe 12288
                                                                              Imagebase:0x7ff764580000
                                                                              File size:163'840 bytes
                                                                              MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:17
                                                                              Start time:11:20:33
                                                                              Start date:11/03/2025
                                                                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx"
                                                                              Imagebase:0x730000
                                                                              File size:53'161'064 bytes
                                                                              MD5 hash:4A871771235598812032C822E6F68F19
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Disassembly

                                                                              No disassembly