Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Inquiry.xla.xlsx

Overview

General Information

Sample name:Purchase Inquiry.xla.xlsx
Analysis ID:1636038
MD5:0c37ce3722d5c40f455a85337c2755a0
SHA1:7d103a5ac1acc8b50a1a94330d012c42360ce9d2
SHA256:8a1fbda779334255e8bd64158f0fa7cb7e203921f8701e60f1c8ab7a8c2f1a54
Tags:xlsxuser-lowmal3
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Detected non-DNS traffic on DNS port
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 1008 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 3748 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 1460 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 5.161.200.29, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1008, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 58959
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 58959, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1008, Protocol: tcp, SourceIp: 5.161.200.29, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-12T10:34:24.695452+010020283713Unknown Traffic192.168.2.55896313.107.246.76443TCP
2025-03-12T10:34:32.015980+010020283713Unknown Traffic192.168.2.55896413.107.246.76443TCP
2025-03-12T10:34:32.121561+010020283713Unknown Traffic192.168.2.55896513.107.246.76443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Purchase Inquiry.xla.xlsxVirustotal: Detection: 26%Perma Link
Source: Purchase Inquiry.xla.xlsxReversingLabs: Detection: 23%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.5:58963 version: TLS 1.2
Source: global trafficDNS query: name: st3.pro
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58956 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.5:58956
Source: global trafficTCP traffic: 192.168.2.5:58956 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.5:58956
Source: global trafficTCP traffic: 192.168.2.5:58956 -> 162.159.36.2:53
Source: global trafficTCP traffic: 162.159.36.2:53 -> 192.168.2.5:58956
Source: global trafficTCP traffic: 192.168.2.5:58956 -> 162.159.36.2:53
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58959
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58959
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58959
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58959
Source: global trafficTCP traffic: 192.168.2.5:58959 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58960
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58960
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58960
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58960
Source: global trafficTCP traffic: 192.168.2.5:58960 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58961
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 5.161.200.29:443 -> 192.168.2.5:58961
Source: global trafficTCP traffic: 192.168.2.5:58961 -> 5.161.200.29:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58963 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58963
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58964 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58964
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58965 -> 13.107.246.76:443
Source: global trafficTCP traffic: 13.107.246.76:443 -> 192.168.2.5:58965
Source: global trafficTCP traffic: 192.168.2.5:58956 -> 162.159.36.2:53
Source: Joe Sandbox ViewIP Address: 13.107.246.76 13.107.246.76
Source: Joe Sandbox ViewIP Address: 5.161.200.29 5.161.200.29
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:58963 -> 13.107.246.76:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:58965 -> 13.107.246.76:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:58964 -> 13.107.246.76:443
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: st3.pro
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: Purchase Inquiry.xla.xlsx, F3430000.0.drString found in binary or memory: https://st3.pro/s6zpy2l?&anatomy=rustic&buffet=resonant&copyright=imaginary&snail
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58959
Source: unknownNetwork traffic detected: HTTP traffic on port 58960 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58964
Source: unknownNetwork traffic detected: HTTP traffic on port 58961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58963
Source: unknownNetwork traffic detected: HTTP traffic on port 58964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58965
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58960
Source: unknownNetwork traffic detected: HTTP traffic on port 58963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58961
Source: unknownNetwork traffic detected: HTTP traffic on port 58959 -> 443
Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.5:58963 version: TLS 1.2
Source: Purchase Inquiry.xla.xlsxOLE indicator, VBA macros: true
Source: Purchase Inquiry.xla.xlsxStream path 'MBD0028D785/\x1Ole' : https://st3.pro/s6zpy2l?&anatomy=rustic&buffet=resonant&copyright=imaginary&snailXB^[^AdSiloP~2[,EfDn&U~34r7.&ejF,cX+VZ4iTpc$PYm}sOo:0}$U@y5PjE]O@^4k^e78s"}iACnvH62aiRDgRKCZmd5pdCZhINJtaU2ymIE10hsK3moiY3MAh2mNziV1UptQCio7TcyMVaHXOUApAVNiyif6uKJ7rn86HgP81MHavNNOlVvGA01Xcm5tAAmgbsQ0xcj43sK8ukO4b5kyujxztqLZDQBYx62osq3aEooyWKz0z1lSGtWfofQS14peBqjwFRqI9NfsUSriKEOymXvFejIZ00k7btXVoO7yV3368a)h1JPX~NuO*a\
Source: F3430000.0.drStream path 'MBD0028D785/\x1Ole' : https://st3.pro/s6zpy2l?&anatomy=rustic&buffet=resonant&copyright=imaginary&snailXB^[^AdSiloP~2[,EfDn&U~34r7.&ejF,cX+VZ4iTpc$PYm}sOo:0}$U@y5PjE]O@^4k^e78s"}iACnvH62aiRDgRKCZmd5pdCZhINJtaU2ymIE10hsK3moiY3MAh2mNziV1UptQCio7TcyMVaHXOUApAVNiyif6uKJ7rn86HgP81MHavNNOlVvGA01Xcm5tAAmgbsQ0xcj43sK8ukO4b5kyujxztqLZDQBYx62osq3aEooyWKz0z1lSGtWfofQS14peBqjwFRqI9NfsUSriKEOymXvFejIZ00k7btXVoO7yV3368a)h1JPX~NuO*a\
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'purchase inquiry.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal48.winXLSX@4/8@2/2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Purchase Inquiry.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{B06120FB-4E16-4D5B-BC35-16625BD2380B} - OProcSessId.datJump to behavior
Source: Purchase Inquiry.xla.xlsxOLE indicator, Workbook stream: true
Source: F3430000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: Purchase Inquiry.xla.xlsxVirustotal: Detection: 26%
Source: Purchase Inquiry.xla.xlsxReversingLabs: Detection: 23%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: Purchase Inquiry.xla.xlsxStatic file information: File size 1528320 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: F3430000.0.drInitial sample: OLE indicators vbamacros = False
Source: Purchase Inquiry.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: Purchase Inquiry.xla.xlsxStream path 'MBD0028D784/MBD0028CC1A/Workbook' entropy: 7.99807027604 (max. 8.0)
Source: Purchase Inquiry.xla.xlsxStream path 'Workbook' entropy: 7.99918830317 (max. 8.0)
Source: F3430000.0.drStream path 'MBD0028D784/MBD0028CC1A/Workbook' entropy: 7.99807027604 (max. 8.0)
Source: F3430000.0.drStream path 'Workbook' entropy: 7.99910235995 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 827Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts3
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Purchase Inquiry.xla.xlsx27%VirustotalBrowse
Purchase Inquiry.xla.xlsx24%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://st3.pro/s6zpy2l?&anatomy=rustic&buffet=resonant&copyright=imaginary&snail0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
st3.pro
5.161.200.29
truefalse
    		high
    s-0005.dual-s-dc-msedge.net
    		52.123.131.14
    		truefalse
      		high
      s-part-0048.t-0009.t-msedge.net
      		13.107.246.76
      		truefalse
        		high
        otelrules.svc.static.microsoft
        		unknown
        		unknownfalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
            		high
            https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
              		high
              https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://st3.pro/s6zpy2l?&anatomy=rustic&buffet=resonant&copyright=imaginary&snailPurchase Inquiry.xla.xlsx, F3430000.0.drfalse
                • Avira URL Cloud: safe
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                13.107.246.76
                		s-part-0048.t-0009.t-msedge.netUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                5.161.200.29
                		st3.proGermany
                		24940HETZNER-ASDEfalse

                General Information

                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1636038
                Start date and time:2025-03-12 10:32:13 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 4m 52s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsofficecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:15
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • GSI enabled (VBA)
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:Purchase Inquiry.xla.xlsx
                Detection:MAL
                Classification:mal48.winXLSX@4/8@2/2
                Cookbook Comments:
                • Found application associated with file extension: .xlsx
                • Found Word or Excel or PowerPoint or XPS Viewer
                • Attach to Office via COM
                • Active ActiveX Object
                • Active ActiveX Object
                • Scroll down
                • Close Viewer

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.109.89.19, 23.60.203.209, 52.168.117.170, 52.109.32.97, 20.52.64.200, 52.123.131.14, 20.190.159.73, 172.202.163.200, 150.171.27.10, 2.23.227.215
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, g.bing.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, onedscolprdgwc02.germanywestcentral.cloudapp.azure.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, mobile.events.data.microsoft.com, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ukw-azsc-config.officeapps.live.com, onedscolprdeus13.eastus.cloudapp.azure.com, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, config.officeapps.live.com,
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                05:34:15API Interceptor880x Sleep call for process: splwow64.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                13.107.246.76Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                  https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                    Bozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                      Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                        FK0OQMzPxN.exeGet hashmaliciousDBatLoader, PureLog StealerBrowse
                          COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                            http://www.fedex.com/officebillingonlineGet hashmaliciousUnknownBrowse
                              http://client.yg5sjx5kzy.comGet hashmaliciousUnknownBrowse
                                https://reader.egress.com/p/2e66c572fb5698b4fc4a0a80b10402d1Get hashmaliciousUnknownBrowse
                                  https://cut.sa.com/clr/redirect.php#LINXCODERSEMAILbmclane@burbankca.govGet hashmaliciousHtmlDropperBrowse
                                    5.161.200.29Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                      Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                        Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                          Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                            Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                              Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                  Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                    COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                      Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        s-part-0048.t-0009.t-msedge.netPurchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.246.76
                                                        https://jkaurelieodinsarlfrjkf.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.246.76
                                                        Bozza nuovo ordine 0010979742.xlsGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        FK0OQMzPxN.exeGet hashmaliciousDBatLoader, PureLog StealerBrowse
                                                        • 13.107.246.76
                                                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        http://www.fedex.com/officebillingonlineGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        buttocks.vbsGet hashmaliciousAgentTeslaBrowse
                                                        • 13.107.246.76
                                                        s-0005.dual-s-dc-msedge.netPurchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 52.123.130.14
                                                        b5f1bbba.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.130.14
                                                        eml_2025-03-11_203751_01.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.130.14
                                                        Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 52.123.131.14
                                                        20250304_150220_TA6NsGnFKBQP6WuMJfIAtA3XK3ok9HgQ.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.130.14
                                                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.131.14
                                                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousKnowBe4Browse
                                                        • 52.123.130.14
                                                        phish_alert_sp2_2.0.0.0 (2).emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.131.14
                                                        Quote 09052022_1.xlsxGet hashmaliciousUnknownBrowse
                                                        • 52.123.130.14
                                                        Denise Salvano shared _Kerry Ingredients Flooring Standards_ with you.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.131.14
                                                        st3.proPurchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Nouvelle_commande9353834.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        COTA#U00c7#U00c3O.xlsGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        MICROSOFT-CORP-MSN-AS-BLOCKUSPurchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        resgod.mpsl.elfGet hashmaliciousMiraiBrowse
                                                        • 20.62.103.71
                                                        https://mail.kb4.io/XVUFBTUdUVGF0Q2J1L0tCNTE2U2RMZGVqSDkyR244RFhYSFNPTFU0N3FJRHZ1Vmw5OVdITjQ0aFgvUENQQVF6Y0VWOHhnTnRKM3VHUktPL21ZZHdtcWRaV3EwYWhKd3hVOCtibzFaN2phbkVVQzMxY2xma3h3K2NKb3pWUnEyUXVDWWNsNmtxV0dKVWZjOExIcUFlNnlXUkpvcDlzTlBhNzNCaHNvRzBwZlF0M21CQmJhR2hVUEprN2JmeWtkNThkMVRMbVN3dGx4NWViNUZMejUxaVVjWlhCaWxuT1pBPT0tLVpQV0ZwSVl5K0dCSlpNNVctLWQ3aGk1dFRjMXBtUDJRQ09QakI3M1E9PQ==?cid=2440816513Get hashmaliciousKnowBe4Browse
                                                        • 13.107.246.60
                                                        https://inv18993383.cloudfaxservice.de/MSovS?e=amatuer_script_kiddys@pwned.comGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.246.60
                                                        TEDGRQXB.exeGet hashmaliciousVidarBrowse
                                                        • 204.79.197.203
                                                        pCFcu1ilGhGet hashmaliciousUnknownBrowse
                                                        • 40.69.147.202
                                                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                        • 13.89.179.8
                                                        #U25baPlay_VM-NowATTT0003.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.246.60
                                                        Brian Logie shared _Newfield Construction, Inc Shared a secured Documents_ with you.emlGet hashmaliciousUnknownBrowse
                                                        • 52.123.129.14
                                                        Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                        • 13.107.246.60
                                                        HETZNER-ASDEPurchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 5.161.200.29
                                                        Transferencia 6997900002017937.exeGet hashmaliciousFormBookBrowse
                                                        • 144.76.229.203
                                                        Quotation.exeGet hashmaliciousFormBookBrowse
                                                        • 144.76.229.203
                                                        resgod.arm.elfGet hashmaliciousMiraiBrowse
                                                        • 46.4.110.17
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 88.198.246.242
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 88.198.246.242
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 88.198.246.242
                                                        SecuriteInfo.com.Variant.Genie.8DN.315.18074.27911.exeGet hashmaliciousFormBookBrowse
                                                        • 144.76.229.203
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 88.198.246.242
                                                        na.elfGet hashmaliciousPrometeiBrowse
                                                        • 88.198.246.242

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        a0e9f5d64349fb13191bc781f81f42e1Purchase Inquiry.xla.xlsxGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        ShadowLoader.exeGet hashmaliciousLummaC StealerBrowse
                                                        • 13.107.246.76
                                                        Setup.exeGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        Nexol.exeGet hashmaliciousLummaC StealerBrowse
                                                        • 13.107.246.76
                                                        Setup.exeGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                        • 13.107.246.76
                                                        Acgpfgd.exeGet hashmaliciousLummaC StealerBrowse
                                                        • 13.107.246.76
                                                        MyProfessionalResume_Updated.exeGet hashmaliciousUnknownBrowse
                                                        • 13.107.246.76
                                                        Set-up.exeGet hashmaliciousGO Backdoor, LummaC StealerBrowse
                                                        • 13.107.246.76
                                                        expense-report.xlsxGet hashmaliciousKnowBe4Browse
                                                        • 13.107.246.76

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):118
                                                        Entropy (8bit):3.5700810731231707
                                                        Encrypted:false
                                                        SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                        MD5:573220372DA4ED487441611079B623CD
                                                        SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                        SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                        SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                        C:\Users\user\AppData\Local\Temp\1E8F355A.tmp

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):784
                                                        Entropy (8bit):2.7137690747287806
                                                        Encrypted:false
                                                        SSDEEP:24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
                                                        MD5:09F73B3902CD3D88E04312787956B654
                                                        SHA1:A6C275F1A65DB02D8A752C614C27E88326447C41
                                                        SHA-256:72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
                                                        SHA-512:6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                                                        C:\Users\user\AppData\Local\Temp\~DFB1EFDA2C1C99BA03.TMP

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):339968
                                                        Entropy (8bit):7.539372533200126
                                                        Encrypted:false
                                                        SSDEEP:6144:bk3hbdlylKsgwyzcTbWhZFVE+WaxHARnDiULPQF4AxrnyiaznE4FktxU21VJrVbk:xWa4uAxryiCnBOtxU21VJrVtdnZpzw
                                                        MD5:4D99434FB296BF67D05A0BD155F68AA2
                                                        SHA1:50D311FB87000BF5C249567602EA77F3C31F8028
                                                        SHA-256:B4C94A7B38BE80C6148E9B5FD17CAE1F9D6A6C7EF704BC15CCDC83A0D5B3BB40
                                                        SHA-512:7FC3FBFC6912A6F0CC7BFB12CEAA92B2111A374EED7A0549B69094341A89D895BCE3F4176E925A160B61387FE6DBE74EF797C7B75EB217E4302332163877DCBE
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\~DFEA34146AED051948.TMP

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):512
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3::
                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\Desktop\F3430000

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Mar 12 09:34:31 2025, Security: 1
                                                        Category:dropped
                                                        Size (bytes):1440768
                                                        Entropy (8bit):7.961086759072506
                                                        Encrypted:false
                                                        SSDEEP:24576:Z41dNCBYVJZ/NwLvFew8vatCtU4cJxRpcVnP/NICq0UgI3PZJSvMPbiBDu7Mb/HU:WdNKeJxNwLvFe92MYjRmVP/NtPI/ZMkj
                                                        MD5:4C29A1597CFE837BE7D71AF95DD86581
                                                        SHA1:32C2A0C782882C5E772D42C94EE12E662A58C9F9
                                                        SHA-256:A4833494B874C0A43D472FD86BA8038343D56C49B87FB9F96943BB810586D665
                                                        SHA-512:BF3DE510C0242341EB7CC113F7AD48824D83076787F86F4E6F2C3AE87F0F2707D8570C581362DDD74AACCE80F98A5C12552852C77BF68F3B605E8C59D460D5F8
                                                        Malicious:false
                                                        Preview:......................>.......................................................................r...s...t...u...v...w...x...y...z...{...|.......l.......n.......p.......................................................................................................................................................................................................................................................................................................................................................................q................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                        C:\Users\user\Desktop\F3430000:Zone.Identifier

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:false
                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                        C:\Users\user\Desktop\Purchase Inquiry.xla.xls (copy)

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Mar 12 09:34:31 2025, Security: 1
                                                        Category:dropped
                                                        Size (bytes):1440768
                                                        Entropy (8bit):7.961086759072506
                                                        Encrypted:false
                                                        SSDEEP:24576:Z41dNCBYVJZ/NwLvFew8vatCtU4cJxRpcVnP/NICq0UgI3PZJSvMPbiBDu7Mb/HU:WdNKeJxNwLvFe92MYjRmVP/NtPI/ZMkj
                                                        MD5:4C29A1597CFE837BE7D71AF95DD86581
                                                        SHA1:32C2A0C782882C5E772D42C94EE12E662A58C9F9
                                                        SHA-256:A4833494B874C0A43D472FD86BA8038343D56C49B87FB9F96943BB810586D665
                                                        SHA-512:BF3DE510C0242341EB7CC113F7AD48824D83076787F86F4E6F2C3AE87F0F2707D8570C581362DDD74AACCE80F98A5C12552852C77BF68F3B605E8C59D460D5F8
                                                        Malicious:false
                                                        Preview:......................>.......................................................................r...s...t...u...v...w...x...y...z...{...|.......l.......n.......p.......................................................................................................................................................................................................................................................................................................................................................................q................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                        C:\Users\user\Desktop\~$Purchase Inquiry.xla.xlsx

                                                        Download File
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):165
                                                        Entropy (8bit):1.5231029153786204
                                                        Encrypted:false
                                                        SSDEEP:3:sYp5lFltt:sYp5Nv
                                                        MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                        SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                        SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                        SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                        Malicious:true
                                                        Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                        Static File Info

                                                        General

                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Mar 12 03:48:39 2025, Security: 1
                                                        Entropy (8bit):7.9274991132918435
                                                        TrID:
                                                        • Microsoft Excel sheet (30009/1) 47.99%
                                                        • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                        • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                        File name:Purchase Inquiry.xla.xlsx
                                                        File size:1'528'320 bytes
                                                        MD5:0c37ce3722d5c40f455a85337c2755a0
                                                        SHA1:7d103a5ac1acc8b50a1a94330d012c42360ce9d2
                                                        SHA256:8a1fbda779334255e8bd64158f0fa7cb7e203921f8701e60f1c8ab7a8c2f1a54
                                                        SHA512:8f8bdcf910eec2a44fb8f5569218f2a5695be62320ed8ae76f1aeb91baed678602fbce52a0873250a607dd303d9fb991cab364a88abde4732c8b920bdee3d711
                                                        SSDEEP:24576:n41dNCBYVJZ/qwLvFew8vatCtU4cJxRpcVnP/NICq0UgI3PZJSvMPbiXQ0SMrD11:QdNKeJxqwLvFe92MYjRmVP/NtPI/ZMka
                                                        TLSH:D0652305FB168B12D41A13384DE78AA41736FC80ABB24B0B739CF3493E72EB45A57765
                                                        File Content Preview:........................>.......................................................................l...m...n...o...p...q...r...s...t...u...v.......o.......q.......s.......u......................................................................................

                                                        File Icon

                                                        Icon Hash:35e58a8c0c8a85b9

                                                        Static OLE Info

                                                        General

                                                        Document Type:OLE
                                                        Number of OLE Files:1

                                                        OLE File "Purchase Inquiry.xla.xlsx"

                                                        Indicators
                                                        Has Summary Info:
                                                        Application Name:Microsoft Excel
                                                        Encrypted Document:True
                                                        Contains Word Document Stream:False
                                                        Contains Workbook/Book Stream:True
                                                        Contains PowerPoint Document Stream:False
                                                        Contains Visio Document Stream:False
                                                        Contains ObjectPool Stream:False
                                                        Flash Objects Count:0
                                                        Contains VBA Macros:True
                                                        Summary
                                                        Code Page:1252
                                                        Author:
                                                        Last Saved By:
                                                        Create Time:2006-09-16 00:00:00
                                                        Last Saved Time:2025-03-12 03:48:39
                                                        Creating Application:Microsoft Excel
                                                        Security:1
                                                        Document Summary
                                                        Document Code Page:1252
                                                        Thumbnail Scaling Desired:False
                                                        Contains Dirty Links:False
                                                        Shared Document:False
                                                        Changed Hyperlinks:False
                                                        Application Version:786432

                                                        Streams with VBA

                                                        VBA File Name: Sheet1.cls, Stream Size: 977
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                        VBA File Name:Sheet1.cls
                                                        Stream Size:977
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
                                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1e a4 81 ad 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        VBA Code
                                                        Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                        VBA File Name: Sheet2.cls, Stream Size: 977
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                        VBA File Name:Sheet2.cls
                                                        Stream Size:977
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1e a4 35 ea 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        VBA Code
                                                        Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                        VBA File Name: Sheet3.cls, Stream Size: 977
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                        VBA File Name:Sheet3.cls
                                                        Stream Size:977
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1e a4 46 90 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        VBA Code
                                                        Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                        VBA File Name: ThisWorkbook.cls, Stream Size: 985
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                        VBA File Name:ThisWorkbook.cls
                                                        Stream Size:985
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 1e a4 a4 4e 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        VBA Code
                                                        Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                        Streams

                                                        Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                        General
                                                        Stream Path:\x1CompObj
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:114
                                                        Entropy:4.25248375192737
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                        General
                                                        Stream Path:\x5DocumentSummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:244
                                                        Entropy:2.889430592781307
                                                        Base64 Encoded:False
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                        Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                        General
                                                        Stream Path:\x5SummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:200
                                                        Entropy:3.282567433052416
                                                        Base64 Encoded:False
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . . . . . . . . . . .
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                        Stream Path: MBD0028D784/\x1CompObj, File Type: data, Stream Size: 114
                                                        General
                                                        Stream Path:MBD0028D784/\x1CompObj
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:114
                                                        Entropy:4.25248375192737
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Stream Path: MBD0028D784/\x5DocumentSummaryInformation, File Type: data, Stream Size: 472
                                                        General
                                                        Stream Path:MBD0028D784/\x5DocumentSummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:472
                                                        Entropy:4.0922508126371575
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , 4 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D Y E I N G O R D E R . . . . . ' D Y E I N G O R D E R ' ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . .
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 34 01 00 00 f0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00
                                                        Stream Path: MBD0028D784/\x5SummaryInformation, File Type: data, Stream Size: 21284
                                                        General
                                                        Stream Path:MBD0028D784/\x5SummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:21284
                                                        Entropy:3.0976303650699557
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . R . . . . . . . . . . P . . . . . . . X . . . . . . . h . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . n a h i d . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . % . @ . . . . F * . 6 . @ . . . . , . . . . . . . . . . G . . . . R . . . . . . . . . . . . . . . . . . . ) . . . . . . . . . . . . . . & . . . " W M F C
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 f4 52 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 68 00 00 00 12 00 00 00 78 00 00 00 0b 00 00 00 90 00 00 00 0c 00 00 00 9c 00 00 00 0d 00 00 00 a8 00 00 00 13 00 00 00 b4 00 00 00 11 00 00 00 bc 00 00 00
                                                        Stream Path: MBD0028D784/MBD0028CC1A/\x1CompObj, File Type: data, Stream Size: 114
                                                        General
                                                        Stream Path:MBD0028D784/MBD0028CC1A/\x1CompObj
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:114
                                                        Entropy:4.25248375192737
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Stream Path: MBD0028D784/MBD0028CC1A/\x5DocumentSummaryInformation, File Type: data, Stream Size: 356
                                                        General
                                                        Stream Path:MBD0028D784/MBD0028CC1A/\x5DocumentSummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:356
                                                        Entropy:3.4189844832102483
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P r o f o r m a . . . . . H o j a 2 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . d . . . . . . . . . . . . . . . . .
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 00 01 00 00 bc 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00
                                                        Stream Path: MBD0028D784/MBD0028CC1A/\x5SummaryInformation, File Type: data, Stream Size: 216
                                                        General
                                                        Stream Path:MBD0028D784/MBD0028CC1A/\x5SummaryInformation
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:216
                                                        Entropy:3.560552135359314
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t M a c i n t o s h E x c e l . . . @ . . . . | . # . @ . . . . d . . . . . . . . . . .
                                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a8 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 64 00 00 00 0c 00 00 00 88 00 00 00 0d 00 00 00 94 00 00 00 13 00 00 00 a0 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                        Stream Path: MBD0028D784/MBD0028CC1A/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 691891
                                                        General
                                                        Stream Path:MBD0028D784/MBD0028CC1A/Workbook
                                                        CLSID:
                                                        File Type:Applesoft BASIC program data, first line number 16
                                                        Stream Size:691891
                                                        Entropy:7.998070276042251
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . P . ! D M A . : & . L x . T e 8 o F h v r 3 . . . . . . . . . . . . \\ . p . w \\ n . 6 i " ? @ . . . 3 D k & . S j < 1 1 . . 3 Q . . c d . H O P \\ ; o . ' > . e T B ; . . . j . A U . e . . I , . 3 . f 3 . B . . . . = a . . . ! . . . = . . . I . . . . a " @ L 6 . . . 8 S . . . G / . _ . . u . . . . d . . . . . ; . . . . ? . . . . p . . . C = . . . H E . . 3 0 . . . @ . . . o . . . . . " . . . 3 Y . . . . / . . . . . . . 1 . . . . M 8 . . - . . g , )
                                                        Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 a7 02 c3 1f d1 50 03 21 44 84 4d 41 ca de b1 d4 e1 3a 85 9f 26 ea e3 aa db e6 0d 4c 9b 78 ab 19 54 a7 65 d5 38 d1 6f 46 68 d1 76 f8 72 33 0e ac e1 00 02 00 b0 04 c1 00 02 00 ef 1c e2 00 00 00 5c 00 70 00 93 77 bf 5c f7 6e 1c e5 36 69 22 3f 40 9b a0 2e cb a5 02 86 b7 bf 33 8c b1 c7 44 d5 6b e3
                                                        Stream Path: MBD0028D784/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 311865
                                                        General
                                                        Stream Path:MBD0028D784/Workbook
                                                        CLSID:
                                                        File Type:Applesoft BASIC program data, first line number 16
                                                        Stream Size:311865
                                                        Entropy:7.82451108578391
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . Z % 8 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . .
                                                        Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                        Stream Path: MBD0028D785/\x1Ole, File Type: data, Stream Size: 954
                                                        General
                                                        Stream Path:MBD0028D785/\x1Ole
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:954
                                                        Entropy:5.468470102348802
                                                        Base64 Encoded:False
                                                        Data ASCII:. . . . ` U . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . s . t . 3 . . . p . r . o . / . s . 6 . z . p . y . 2 . l . ? . & . a . n . a . t . o . m . y . = . r . u . s . t . i . c . & . b . u . f . f . e . t . = . r . e . s . o . n . a . n . t . & . c . o . p . y . r . i . g . h . t . = . i . m . a . g . i . n . a . r . y . & . s . n . a . i . l . . . . X B . . ^ [ . . ^ . A d S i l o P ~ . . 2 [ , E f D n . U ~ 3 4 . . r 7 . & . . . . . e j F . , . c X + . . . V Z 4
                                                        Data Raw:01 00 00 02 df 60 e4 55 e4 87 0c 20 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 8c 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 73 00 74 00 33 00 2e 00 70 00 72 00 6f 00 2f 00 73 00 36 00 7a 00 70 00 79 00 32 00 6c 00 3f 00 26 00 61 00 6e 00 61 00 74 00 6f 00 6d 00 79 00 3d 00 72 00 75 00 73 00 74 00 69 00 63 00 26 00
                                                        Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 473269
                                                        General
                                                        Stream Path:Workbook
                                                        CLSID:
                                                        File Type:Applesoft BASIC program data, first line number 16
                                                        Stream Size:473269
                                                        Entropy:7.999188303168195
                                                        Base64 Encoded:True
                                                        Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . x " D H g ] / . O = v ' \\ 6 8 . . T . . . . ] . . . . . . . . . . d . . . \\ . p . l r ~ . ( . Q . . - n . e . Q 8 . l ] D Z k q . . . q 5 7 K b . . D . a y . > h . ~ . . n b ~ Y ? . * w = ; . G ! x B . . . = a . . . 5 < . . . = . . . y R } [ . . . } - @ . F ~ . . . . p . . . . ( . . . . . . . . . . . . . . . . * = . . . n 6 . z # O w @ . . . > u . . . 5 " . . . & . . . . . H . . . . . . . L 1 . . . i . . . [ . . O 8 . > f $ H I 1 . . . ) V p 5 D - g 9
                                                        Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 78 e0 22 44 bc 48 a1 67 5d 2f f8 8d 1d cf 4f e1 b5 3d 76 27 d3 5c a4 cb 36 38 bb be d6 be a5 cc 0b 54 c3 f0 1e 9c 0d db b6 a8 8e 95 eb 81 a8 5d 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 a2 64 e2 00 00 00 5c 00 70 00 6c 72 7e 04 28 0f 51 04 8d df 9b 9f 2d 98 b9 6e 83 0b 65 b1 88 88 7f d6 51 38
                                                        Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 525
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                        CLSID:
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Stream Size:525
                                                        Entropy:5.238808297908672
                                                        Base64 Encoded:True
                                                        Data ASCII:I D = " { 0 8 D 7 4 1 3 3 - B F 9 D - 4 3 B 3 - 8 A 5 0 - 7 5 D F 4 4 9 E 8 D 0 D } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 C 0 E E 9 9 7 2 9 F F 2 D F F 2
                                                        Data Raw:49 44 3d 22 7b 30 38 44 37 34 31 33 33 2d 42 46 39 44 2d 34 33 42 33 2d 38 41 35 30 2d 37 35 44 46 34 34 39 45 38 44 30 44 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                                        Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:104
                                                        Entropy:3.0488640812019017
                                                        Base64 Encoded:False
                                                        Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                        Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                                        Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:2644
                                                        Entropy:3.9950099557456626
                                                        Base64 Encoded:False
                                                        Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                        Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                                        Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                                                        General
                                                        Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                        CLSID:
                                                        File Type:data
                                                        Stream Size:553
                                                        Entropy:6.36714007967557
                                                        Base64 Encoded:True
                                                        Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
                                                        Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 de 91 e8 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2025-03-12T10:34:24.695452+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.55896313.107.246.76443TCP
                                                        2025-03-12T10:34:32.015980+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.55896413.107.246.76443TCP
                                                        2025-03-12T10:34:32.121561+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.55896513.107.246.76443TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Mar 12, 2025 10:33:49.049772024 CET5895653192.168.2.5162.159.36.2
                                                        Mar 12, 2025 10:33:49.054594994 CET5358956162.159.36.2192.168.2.5
                                                        Mar 12, 2025 10:33:49.055063963 CET5895653192.168.2.5162.159.36.2
                                                        Mar 12, 2025 10:33:49.061824083 CET5358956162.159.36.2192.168.2.5
                                                        Mar 12, 2025 10:33:49.500761986 CET5895653192.168.2.5162.159.36.2
                                                        Mar 12, 2025 10:33:49.505795956 CET5358956162.159.36.2192.168.2.5
                                                        Mar 12, 2025 10:33:49.505867004 CET5895653192.168.2.5162.159.36.2
                                                        Mar 12, 2025 10:34:05.954735994 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:05.954773903 CET443589595.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:05.954891920 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:05.955173016 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:05.955182076 CET443589595.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:09.253722906 CET443589595.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:09.253895044 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.254947901 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.255084038 CET443589595.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:09.255173922 CET58959443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.256151915 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.256203890 CET443589605.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:09.256279945 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.256521940 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:09.256532907 CET443589605.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:12.365319967 CET443589605.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:12.365673065 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.365907907 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.366044998 CET443589605.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:12.366091967 CET58960443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.366511106 CET58961443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.366559029 CET443589615.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:12.366640091 CET58961443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.366719961 CET58961443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:12.366744995 CET443589615.161.200.29192.168.2.5
                                                        Mar 12, 2025 10:34:12.366781950 CET58961443192.168.2.55.161.200.29
                                                        Mar 12, 2025 10:34:22.779764891 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:22.779795885 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:22.779867887 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:22.780177116 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:22.780186892 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:24.695365906 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:24.695451975 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:24.697185993 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:24.697211981 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:24.697469950 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:24.698791981 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:24.740324974 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.167011976 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.167071104 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.167114019 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.167171001 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.167200089 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.167216063 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.167249918 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.240911007 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.240945101 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.240983963 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.240995884 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.241024971 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.241044998 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.275190115 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.275265932 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.275271893 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.275294065 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.275324106 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.275351048 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.334969997 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.335031033 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.335067987 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.335073948 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.335097075 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.335113049 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.342436075 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.342489004 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.342511892 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.342516899 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.342560053 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.342570066 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.363101006 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.363152027 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.363220930 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.363220930 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.363228083 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.363277912 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.381786108 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.381835938 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.381864071 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.381870031 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.381917953 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.381937027 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.427639961 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.427685976 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.427711964 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.427717924 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.427747965 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.427763939 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.428886890 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.428929090 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.428960085 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.428965092 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.428997040 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.429016113 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.437158108 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.437203884 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.437239885 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.437244892 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.437303066 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.437303066 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.450388908 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.450418949 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.450449944 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.450453997 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.450488091 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.450506926 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.461070061 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.461123943 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.461147070 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.461152077 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.461210966 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.470124006 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.470176935 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.470213890 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.470221043 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.470266104 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.480923891 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.480972052 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.480997086 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.481004953 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.481045008 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.481056929 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.519476891 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.519530058 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.519562960 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.519568920 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.519596100 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.519614935 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.520359039 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.520404100 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.520428896 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.520433903 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.520456076 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.520479918 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.521156073 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.521198988 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.521230936 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.521235943 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.521270037 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.521282911 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.527592897 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.527640104 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.527661085 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.527671099 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.527700901 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.527724028 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.538037062 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.538093090 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.538113117 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.538117886 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.538155079 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.538172007 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.549904108 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.549947023 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.549998045 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.550003052 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.550056934 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.559042931 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.559088945 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.559143066 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.559150934 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.559215069 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.569762945 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.569832087 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.569849014 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.569869995 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.569895029 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.569921017 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.611692905 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.611718893 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.611778975 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.611804008 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.611830950 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.611848116 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.612327099 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.612346888 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.612385988 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.612396002 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.612430096 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.612443924 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.612957954 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.612977982 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.613034964 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.613044977 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.613074064 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.613085985 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.619983912 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.620006084 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.620064974 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.620088100 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.620325089 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.630338907 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.630361080 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.630423069 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.630439997 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.630454063 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.630527973 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.642251015 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.642275095 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.642323971 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.642347097 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.642375946 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.642391920 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.651354074 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.651379108 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.651433945 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.651448965 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.651477098 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.651495934 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.662086010 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.662163019 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.662180901 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.662206888 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.662234068 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.662523985 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704067945 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704096079 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704135895 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704157114 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704174995 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704201937 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704627037 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704647064 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704689026 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704694033 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.704721928 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.704741001 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.705176115 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.705209970 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.705243111 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.705246925 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.705277920 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.705295086 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.712412119 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.712443113 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.712485075 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.712490082 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.712519884 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.712541103 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.723874092 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.723947048 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.723959923 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.723974943 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.724010944 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.724102020 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.734843969 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.734908104 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.734916925 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.734944105 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.734976053 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.735002995 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.756628036 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.756649971 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.756689072 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.756702900 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.756730080 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.756762028 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.756793976 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.796400070 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.796426058 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.796479940 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.796504974 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797154903 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797178984 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797211885 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.797219038 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797247887 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.797599077 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797614098 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.797666073 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.797671080 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.804811954 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.804850101 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.804874897 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.804902077 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.804924011 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.815860987 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.815881014 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.815920115 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.815926075 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.815953016 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.827056885 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.827079058 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.827167034 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.827214956 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.827246904 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.836172104 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.836189985 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.836266994 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.836283922 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.846757889 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.846782923 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.846833944 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.846838951 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.846863031 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.888909101 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.888936043 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.888973951 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.888979912 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.889024973 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.889354944 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.889377117 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.889410973 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.889415026 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.889439106 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.890275002 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.890292883 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.890331030 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.890336037 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.890352964 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.897272110 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.897294998 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.897330046 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.897335052 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.897361994 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.908324957 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.908349037 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.908411026 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.908416033 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929384947 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929399967 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929465055 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.929471970 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929507017 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.929783106 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929801941 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929853916 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.929857969 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.929876089 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.939214945 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.939241886 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.939280987 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.939285994 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.939318895 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.981899023 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.981925964 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.981971025 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.981977940 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982008934 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.982762098 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982783079 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982815027 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.982819080 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982855082 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.982882023 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982894897 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982923985 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.982928991 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.982968092 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.990173101 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.990200996 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.990226030 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:25.990231037 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:25.990251064 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.001224041 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.001282930 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.001297951 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.001303911 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.001341105 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.022020102 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022064924 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022098064 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.022104025 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022142887 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.022689104 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022706032 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022747040 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.022752047 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.022778034 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.031697035 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.031753063 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.031757116 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.031771898 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.031908989 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074244976 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074290037 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074317932 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074331045 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074366093 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074383020 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074773073 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074800968 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074830055 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074836016 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.074866056 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.074878931 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.075331926 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.075359106 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.075388908 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.075393915 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.075418949 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.075447083 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.084142923 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.084176064 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.084214926 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.084228992 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.084240913 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.084266901 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.093211889 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.093239069 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.093281031 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.093287945 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.093331099 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.093350887 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114075899 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114106894 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114149094 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114146948 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114172935 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114190102 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114208937 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114212990 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114245892 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114253044 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114294052 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114506006 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114521027 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:26.114535093 CET58963443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:26.114540100 CET4435896313.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:30.124259949 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.124300003 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:30.124516010 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.124778032 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.124793053 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:30.126830101 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.126873016 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:30.127182961 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.127295971 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:30.127310991 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.015456915 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.015980005 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.016005039 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.017008066 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.017014027 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.120954037 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.121561050 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.121579885 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.122387886 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.122394085 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.451497078 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.451505899 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.451658964 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.451677084 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.454231024 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.454377890 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.454377890 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.454611063 CET58964443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.454623938 CET4435896413.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.567894936 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.567967892 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.568007946 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.568236113 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.568254948 CET4435896513.107.246.76192.168.2.5
                                                        Mar 12, 2025 10:34:32.568274021 CET58965443192.168.2.513.107.246.76
                                                        Mar 12, 2025 10:34:32.568280935 CET4435896513.107.246.76192.168.2.5

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Mar 12, 2025 10:33:49.046391010 CET5356338162.159.36.2192.168.2.5
                                                        Mar 12, 2025 10:33:49.714775085 CET53589091.1.1.1192.168.2.5
                                                        Mar 12, 2025 10:34:05.940525055 CET6173653192.168.2.51.1.1.1
                                                        Mar 12, 2025 10:34:05.953738928 CET53617361.1.1.1192.168.2.5
                                                        Mar 12, 2025 10:34:22.771316051 CET5825953192.168.2.51.1.1.1
                                                        Mar 12, 2025 10:34:22.778542995 CET53582591.1.1.1192.168.2.5

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Mar 12, 2025 10:34:05.940525055 CET192.168.2.51.1.1.10x6736Standard query (0)st3.proA (IP address)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.771316051 CET192.168.2.51.1.1.10x3e46Standard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Mar 12, 2025 10:33:18.626513958 CET1.1.1.1192.168.2.50xd25No error (0)ecs-office.s-0005.dual-s-msedge.netshed.s-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:33:18.626513958 CET1.1.1.1192.168.2.50xd25No error (0)shed.s-0005.dual-s-dc-msedge.nets-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:33:18.626513958 CET1.1.1.1192.168.2.50xd25No error (0)s-0005.dual-s-dc-msedge.net52.123.131.14A (IP address)IN (0x0001)false
                                                        Mar 12, 2025 10:33:18.626513958 CET1.1.1.1192.168.2.50xd25No error (0)s-0005.dual-s-dc-msedge.net52.123.130.14A (IP address)IN (0x0001)false
                                                        Mar 12, 2025 10:34:05.953738928 CET1.1.1.1192.168.2.50x6736No error (0)st3.pro5.161.200.29A (IP address)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.778542995 CET1.1.1.1192.168.2.50x3e46No error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.778542995 CET1.1.1.1192.168.2.50x3e46No error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.778542995 CET1.1.1.1192.168.2.50x3e46No error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0048.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.778542995 CET1.1.1.1192.168.2.50x3e46No error (0)shed.dual-low.s-part-0048.t-0009.t-msedge.nets-part-0048.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                        Mar 12, 2025 10:34:22.778542995 CET1.1.1.1192.168.2.50x3e46No error (0)s-part-0048.t-0009.t-msedge.net13.107.246.76A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • otelrules.svc.static.microsoft

                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.55896313.107.246.764431008C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        TimestampBytes transferredDirectionData
                                                        2025-03-12 09:34:24 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                        Host: otelrules.svc.static.microsoft
                                                        2025-03-12 09:34:25 UTC493INHTTP/1.1 200 OK
                                                        Date: Wed, 12 Mar 2025 09:34:24 GMT
                                                        Content-Type: text/plain
                                                        Content-Length: 1114783
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public
                                                        Last-Modified: Mon, 10 Mar 2025 13:15:17 GMT
                                                        ETag: "0x8DD5FD59A686EBF"
                                                        x-ms-request-id: c69b7271-b01e-0002-3031-931b8f000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20250312T093424Z-er19df8ddfbxzv5rhC1EWRwuuw000000046g000000005ah5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2025-03-12 09:34:25 UTC15891INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                                                        Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32
                                                        Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 49 33 32
                                                        Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                        Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54
                                                        Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32 33 2d 30 61 66 39 2d
                                                        Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                                                        Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                                                        Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                                                        Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                                        2025-03-12 09:34:25 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                                        Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.55896413.107.246.764431008C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        TimestampBytes transferredDirectionData
                                                        2025-03-12 09:34:32 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                        Host: otelrules.svc.static.microsoft
                                                        2025-03-12 09:34:32 UTC515INHTTP/1.1 200 OK
                                                        Date: Wed, 12 Mar 2025 09:34:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2128
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                        ETag: "0x8DC582BA41F3C62"
                                                        x-ms-request-id: 99b56f15-001e-0065-1d31-930b73000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20250312T093432Z-er19df8ddfbdp2wphC1EWRh1k800000005h00000000048q0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2025-03-12 09:34:32 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        2192.168.2.55896513.107.246.764431008C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        TimestampBytes transferredDirectionData
                                                        2025-03-12 09:34:32 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                        Host: otelrules.svc.static.microsoft
                                                        2025-03-12 09:34:32 UTC491INHTTP/1.1 200 OK
                                                        Date: Wed, 12 Mar 2025 09:34:32 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 204
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB6C8527A"
                                                        x-ms-request-id: ecb8ab61-f01e-001f-7731-935dc8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20250312T093432Z-er19df8ddfbnwqtwhC1EWR9brs0000000540000000006xn5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2025-03-12 09:34:32 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:05:33:11
                                                        Start date:12/03/2025
                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                        Imagebase:0xa70000
                                                        File size:53'161'064 bytes
                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:7
                                                        Start time:05:34:15
                                                        Start date:12/03/2025
                                                        Path:C:\Windows\splwow64.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\splwow64.exe 12288
                                                        Imagebase:0x7ff6c21a0000
                                                        File size:163'840 bytes
                                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:10
                                                        Start time:05:34:32
                                                        Start date:12/03/2025
                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Inquiry.xla.xlsx"
                                                        Imagebase:0xa70000
                                                        File size:53'161'064 bytes
                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Code Analysis

                                                        Call Graph

                                                        • Entrypoint
                                                        • Decryption Function
                                                        • Executed
                                                        • Not Executed
                                                        • Show Help
                                                        callgraph 1 Error: Graph is empty

                                                        Module: Sheet1

                                                        Declaration
                                                        LineContent
                                                        1

                                                        Attribute VB_Name = "Sheet1"

                                                        2

                                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                        3

                                                        Attribute VB_GlobalNameSpace = False

                                                        4

                                                        Attribute VB_Creatable = False

                                                        5

                                                        Attribute VB_PredeclaredId = True

                                                        6

                                                        Attribute VB_Exposed = True

                                                        7

                                                        Attribute VB_TemplateDerived = False

                                                        8

                                                        Attribute VB_Customizable = True

                                                        Module: Sheet2

                                                        Declaration
                                                        LineContent
                                                        1

                                                        Attribute VB_Name = "Sheet2"

                                                        2

                                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                        3

                                                        Attribute VB_GlobalNameSpace = False

                                                        4

                                                        Attribute VB_Creatable = False

                                                        5

                                                        Attribute VB_PredeclaredId = True

                                                        6

                                                        Attribute VB_Exposed = True

                                                        7

                                                        Attribute VB_TemplateDerived = False

                                                        8

                                                        Attribute VB_Customizable = True

                                                        Module: Sheet3

                                                        Declaration
                                                        LineContent
                                                        1

                                                        Attribute VB_Name = "Sheet3"

                                                        2

                                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                        3

                                                        Attribute VB_GlobalNameSpace = False

                                                        4

                                                        Attribute VB_Creatable = False

                                                        5

                                                        Attribute VB_PredeclaredId = True

                                                        6

                                                        Attribute VB_Exposed = True

                                                        7

                                                        Attribute VB_TemplateDerived = False

                                                        8

                                                        Attribute VB_Customizable = True

                                                        Module: ThisWorkbook

                                                        Declaration
                                                        LineContent
                                                        1

                                                        Attribute VB_Name = "ThisWorkbook"

                                                        2

                                                        Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                                        3

                                                        Attribute VB_GlobalNameSpace = False

                                                        4

                                                        Attribute VB_Creatable = False

                                                        5

                                                        Attribute VB_PredeclaredId = True

                                                        6

                                                        Attribute VB_Exposed = True

                                                        7

                                                        Attribute VB_TemplateDerived = False

                                                        8

                                                        Attribute VB_Customizable = True

                                                        Reset < >