
Windows Analysis Report
Purchase Order.xla.xlsx

Overview

General Information

Sample name: Purchase Order.xla.xlsx
Analysis ID: 1632080
MD5: dad37e3090b45447788f8175d0d25a67
SHA1: be59341ac2a206ddc30a67bdb8951a792a690b96
SHA256: fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53
Tags: CVE-2017-0199, xla, xlsx, user-abuse_ch

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • EXCEL.EXE (PID: 7148 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 4468 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 3652 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Order.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton: Data: DestinationIp: 104.26.0.139, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49695
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.6, DestinationIsIpv6: false, DestinationPort: 49695, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7148, Protocol: tcp, SourceIp: 104.26.0.139, SourceIsIpv6: false, SourcePort: 443
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-07T19:32:48.580774+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP
2025-03-07T19:32:56.829202+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP
2025-03-07T19:32:56.874999+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP

AV Detection

Source: Purchase Order.xla.xlsx, Avira: detected
Source: Purchase Order.xla.xlsx, Virustotal: Detection: 42%
Source: Purchase Order.xla.xlsx, ReversingLabs: Detection: 36%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 104.26.0.139:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: global traffic, DNS query: name: link.orai.io
Source: global traffic, DNS query: name: st3.pro
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global traffic, TCP traffic: 192.168.2.6:49695 -> 104.26.0.139:443
Source: global traffic, TCP traffic: 192.168.2.6:49696 -> 5.161.200.29:443
Source: global traffic, TCP traffic: 192.168.2.6:49697 -> 5.161.200.29:443
Source: global traffic, TCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global traffic, TCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global traffic, TCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49698 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49698
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 192.168.2.6:49700 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49700
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: global trafficTCP traffic: 192.168.2.6:49699 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.6:49699
Source: Joe Sandbox View | IP Address: 104.26.0.139
Source: Joe Sandbox View | IP Address: 5.161.200.29
Source: Joe Sandbox View | IP Address: 13.107.246.60
Source: Joe Sandbox View | JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49699 -> 13.107.246.60:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49700 -> 13.107.246.60:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49698 -> 13.107.246.60:443
Source: global traffic | HTTP traffic detected:
    GET /bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: link.orai.io
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /nIpWB3U HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Host: st3.pro
Source: global traffic | HTTP traffic detected:
    GET /404 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Host: st3.pro
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic | HTTP traffic detected:
    GET /rules/rule120607v1s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic | HTTP traffic detected:
    GET /rules/rule120603v8s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
    Host: otelrules.svc.static.microsoft
Source: global traffic | DNS traffic detected: DNS query: link.orai.io
Source: global traffic | DNS traffic detected: DNS query: st3.pro
Source: global traffic | DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=utf-8
    Date: Fri, 07 Mar 2025 18:32:38 GMT
    Etag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"
    Strict-Transport-Security: max-age=15552000; includeSubDomains
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    X-Dns-Prefetch-Control: off
    X-Download-Options: noopen
    X-Frame-Options: SAMEORIGIN
    X-Powered-By: Next.js
    X-Xss-Protection: 1; mode=block
    Connection: close
    Transfer-Encoding: chunked
Source: Purchase Order.xla.xlsx, 58630000.0.dr | String found in binary or memory: https://link.orai.io/bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | HTTPS traffic detected: 104.26.0.139:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.161.200.29:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49698 version: TLS 1.2

System Summary

Source: Purchase Order.xla.xlsxOLE: Microsoft Excel 2007+
Source: ~DFD1DBE2EB4365958B.TMP.0.drOLE: Microsoft Excel 2007+
Source: 58630000.0.drOLE: Microsoft Excel 2007+
Source: Purchase Order.xla.xlsxOLE indicator, VBA macros: true
Source: Purchase Order.xla.xlsxStream path 'MBD0026E067/\x1Ole' : https://link.orai.io/bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu7CPH?Y4u?KD0n2b[ 2K,O>aa%AYPj@gn<r"K\*(*BY 4h[5IH"q>'k~.Hy:N5x^[."BdE2dr'.J(bUF d##C0?9u8//;LeIVJ8SbVr1zDLaDd0CcmEdmRsmFRmfu7LfNOEVMRK3X8blZNUoE4O0FPH8AWoEXFh7wcdLhaqPFIMYJ2adkTqYX6SstfItMQm6aD4NEojcShVsLxY6w7NntfoeYLKBEkT1H9GQZWYZ8LMsQ1pLw3cWNgBrpqngwjmeRSkMUR4yozIvRNHzV8pmHvPX2XMPKHFU9xf7hdTCRPMI9bsNvE9bsvmFyVYMLjXuzW5xul8EeAN-c#{4[';ZXMRBd
Source: 58630000.0.drStream path 'MBD0026E067/\x1Ole' : https://link.orai.io/bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu7CPH?Y4u?KD0n2b[ 2K,O>aa%AYPj@gn<r"K\*(*BY 4h[5IH"q>'k~.Hy:N5x^[."BdE2dr'.J(bUF d##C0?9u8//;LeIVJ8SbVr1zDLaDd0CcmEdmRsmFRmfu7LfNOEVMRK3X8blZNUoE4O0FPH8AWoEXFh7wcdLhaqPFIMYJ2adkTqYX6SstfItMQm6aD4NEojcShVsLxY6w7NntfoeYLKBEkT1H9GQZWYZ8LMsQ1pLw3cWNgBrpqngwjmeRSkMUR4yozIvRNHzV8pmHvPX2XMPKHFU9xf7hdTCRPMI9bsNvE9bsvmFyVYMLjXuzW5xul8EeAN-c#{4[';ZXMRBd
Source: ~DFD1DBE2EB4365958B.TMP.0.dr; OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Window title found: microsoft excel okexcel cannot open the file 'purchase order.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engine; Classification label: mal60.winXLSX@4/9@3/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\Desktop\~$Purchase Order.xla.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\{FC481388-B7AB-400F-9D6C-CCB0D2BABFB7} - OProcSessId.dat
Source: Purchase Order.xla.xlsx; OLE indicator, Workbook stream: true
Source: 58630000.0.dr; OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
Source: Purchase Order.xla.xlsx; Virustotal: Detection: 42%
Source: Purchase Order.xla.xlsx; ReversingLabs: Detection: 36%
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Order.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Purchase Order.xla.xlsx; Static file information: File size 1231360 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: ~DFD1DBE2EB4365958B.TMP.0.dr; Initial sample: OLE indicators vbamacros = False
Source: Purchase Order.xla.xlsx; Initial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: Purchase Order.xla.xlsx; Stream path 'MBD0026E066/Package' entropy: 7.99271659578 (max. 8.0)
Source: Purchase Order.xla.xlsx; Stream path 'Workbook' entropy: 7.9982936663 (max. 8.0)
Source: ~DFD1DBE2EB4365958B.TMP.0.dr; Stream path 'Package' entropy: 7.9953613144 (max. 8.0)
Source: 58630000.0.dr; Stream path 'MBD0026E066/Package' entropy: 7.9953613144 (max. 8.0)
Source: 58630000.0.dr; Stream path 'Workbook' entropy: 7.99840741997 (max. 8.0)
Source: C:\Windows\splwow64.exe; Window / User API: threadDelayed 808
Source: C:\Windows\splwow64.exe; Last function: Thread delayed
Source: C:\Windows\splwow64.exe; Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information queried: ProcessInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron; Launchd
Persistence: 1 Scripting; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 2 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Obfuscated Files or Information; Software Packing
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 1 Process Discovery; 1 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 1 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
[Behavior graph (image not reproduced). ID: 1632080; Sample: Purchase Order.xla.xlsx; Startdate: 07/03/2025; Architecture: WINDOWS; Score: 60. Nodes shown: two EXCEL.EXE processes started; splwow64.exe started by EXCEL.EXE; dropped file C:\Users\user\...\~$Purchase Order.xla.xlsx; network endpoints link.orai.io (104.26.0.139, port 443, CLOUDFLARENETUS, United States), st3.pro (5.161.200.29, port 443, HETZNER-ASDE, Germany), s-part-0032.t-0009.t-msedge.net (13.107.246.60, port 443, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), star-azurefd-prod.trafficmanager.net and 5 other IPs or domains.]

Source | Detection | Scanner | Label
Purchase Order.xla.xlsx | 43% | Virustotal |
Purchase Order.xla.xlsx | 37% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199
Purchase Order.xla.xlsx | 100% | Avira | W97M/AVI.Agent.nvusu
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://link.orai.io/bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu | 0% | Avira URL Cloud | safe
https://st3.pro/nIpWB3U | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
link.orai.io | 104.26.0.139 | true | false | | high
st3.pro | 5.161.200.29 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://link.orai.io/bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu | false | Avira URL Cloud: safe | unknown
https://st3.pro/404 | false | | high
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high
https://st3.pro/nIpWB3U | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.0.139 | link.orai.io | United States | 13335 | CLOUDFLARENETUS | false
5.161.200.29 | st3.pro | Germany | 24940 | HETZNER-ASDE | false
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1632080
Start date and time: 2025-03-07 19:30:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Without Instrumentation
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase Order.xla.xlsx
Detection: MAL
Classification: mal60.winXLSX@4/9@3/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .xlsx
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Active ActiveX Object
  • Active ActiveX Object
  • Scroll down
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.76.240, 23.60.203.209, 52.109.28.47, 20.189.173.24, 52.109.32.97, 20.42.72.131, 52.123.129.14, 20.190.159.130
  • Excluded domains from analysis (whitelisted): fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ukw-azsc-config.officeapps.live.com, c.pki.goog, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, neu-azsc-config.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, config.officeapps.live.com, e16604.f.akamaiedge.net, onedscolprdeus00.eastus.cloudapp.azure.com, onedscolprdwus23.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
13:32:40 | API Interceptor | 846x Sleep call for process: splwow64.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.26.0.139 | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown |
104.26.0.139 | Doc9078786968795776764567.xla.xlsx | malicious | Unknown |
104.26.0.139 | Doc9078786968795776764567.xla.xlsx | malicious | Unknown |
104.26.0.139 | VALPESA7809034mex_2025.xls | malicious | Unknown |
104.26.0.139 | SWIFT COPY.xls | malicious | Unknown |
104.26.0.139 | Confirmation number 0001592289.xls | malicious | Unknown |
104.26.0.139 | SWIFT COPY.xls | malicious | Unknown |
104.26.0.139 | 05 BOIRON F 240700457 ORDEN 05 MAR 2025.xls | malicious | Unknown |
5.161.200.29 | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown |
5.161.200.29 | New Order.xls | malicious | Unknown |
5.161.200.29 | Purchase Order.xla.xlsx | malicious | Unknown |
5.161.200.29 | Doc9078786968795776764567.xla.xlsx | malicious | Unknown |
5.161.200.29 | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown |
5.161.200.29 | New Order.xls | malicious | Unknown |
5.161.200.29 | Purchase Order.xla.xlsx | malicious | Unknown |
5.161.200.29 | Doc9078786968795776764567.xla.xlsx | malicious | Unknown |
13.107.246.60 | https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1v | malicious | Unknown | www.mimecast.com/Customers/Support/Contact-support/
13.107.246.60 | http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5 | malicious | Unknown | wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5
Match | Associated Sample Name / URL | Detection | Threat Name | Context
link.orai.io | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 104.26.0.139
link.orai.io | New Order.xls | malicious | Unknown | 104.26.1.139
link.orai.io | Purchase Order.xla.xlsx | malicious | Unknown | 104.26.1.139
link.orai.io | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 104.26.0.139
link.orai.io | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 104.26.1.139
link.orai.io | New Order.xls | malicious | Unknown | 104.26.1.139
link.orai.io | Purchase Order.xla.xlsx | malicious | Unknown | 172.67.68.60
link.orai.io | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 104.26.0.139
st3.pro | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 5.161.200.29
st3.pro | New Order.xls | malicious | Unknown | 5.161.200.29
st3.pro | Purchase Order.xla.xlsx | malicious | Unknown | 5.161.200.29
st3.pro | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 5.161.200.29
st3.pro | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 5.161.200.29
st3.pro | New Order.xls | malicious | Unknown | 5.161.200.29
st3.pro | Purchase Order.xla.xlsx | malicious | Unknown | 5.161.200.29
st3.pro | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 5.161.200.29
Match | Associated Sample Name / URL | Detection | Threat Name | Context
HETZNER-ASDE | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | New Order.xls | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | Purchase Order.xla.xlsx | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | New Order.xls | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | Purchase Order.xla.xlsx | malicious | Unknown | 5.161.200.29
HETZNER-ASDE | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 5.161.200.29
CLOUDFLARENETUS | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 104.26.0.139
CLOUDFLARENETUS | New Order.xls | malicious | Unknown | 104.26.1.139
CLOUDFLARENETUS | JqGBbm7.exe | malicious | LummaC Stealer | 188.114.97.3
CLOUDFLARENETUS | Purchase Order.xla.xlsx | malicious | Unknown | 104.26.1.139
CLOUDFLARENETUS | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 104.26.0.139
CLOUDFLARENETUS | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 104.26.1.139
CLOUDFLARENETUS | New Order.xls | malicious | Unknown | 104.26.1.139
CLOUDFLARENETUS | Purchase Order.xla.xlsx | malicious | Unknown | 172.67.68.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | New Order.xls | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | Purchase Order.xla.xlsx | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | NEW ORDER (PO. 2100002 (BT-INC).xls | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | New Order.xls | malicious | Unknown | 13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS | Purchase Order.xla.xlsx | malicious | Unknown | 13.107.253.72
MICROSOFT-CORP-MSN-AS-BLOCKUS | Doc9078786968795776764567.xla.xlsx | malicious | Unknown | 13.107.246.60
                                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                    No context
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):118
                                                    Entropy (8bit):3.5700810731231707
                                                    Encrypted:false
                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                    MD5:573220372DA4ED487441611079B623CD
                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):784
                                                    Entropy (8bit):2.7137690747287806
                                                    Encrypted:false
                                                    SSDEEP:24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
                                                    MD5:09F73B3902CD3D88E04312787956B654
                                                    SHA1:A6C275F1A65DB02D8A752C614C27E88326447C41
                                                    SHA-256:72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
                                                    SHA-512:6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3::
                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1056768
                                                    Entropy (8bit):7.965377006992582
                                                    Encrypted:false
                                                    SSDEEP:24576:zuCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:sq4bcLY+zg
                                                    MD5:5159CB0F8AE2538FEB7A535169339A88
                                                    SHA1:D51A02FDD2D7EDEC2D73A853ED42A339814D29FF
                                                    SHA-256:B3E7FA8416E2F6E8B5019DEE679195325B499C26944173E25A61FE99827AB0C8
                                                    SHA-512:090EFA712CF9D323BD222AAB9433DCD3BAD2A508AAA455102EB48C5BC05121B3DF1CC4F73406B4511CF9D1D68B2AC2614A93BFF33C57A4300EB82AB04BACE2F9
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                    Category:dropped
                                                    Size (bytes):1077248
                                                    Entropy (8bit):7.937097366046363
                                                    Encrypted:false
                                                    SSDEEP:24576:guCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwg:/q4bcLY+zg
                                                    MD5:AA4B54FA8A957960AC89E49DF93B551D
                                                    SHA1:4FC8E436DD1AD37D5A139BD0E716389A6144E58E
                                                    SHA-256:FA3AE06A6F6D3CF594140B7EDC4B44B9C9F55FC8A5107A520C15EE16CAB879AF
                                                    SHA-512:17BBC892AB556A8ABA425D070EB08021F761C9B5B0FA18820711C6ABE53E8F0ED1E4DCAC3AC850C864F5BD0A93B1547D5537D02A358EE744BF9FCD3BDBD2CFFC
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Mar 7 18:33:00 2025, Security: 1
                                                    Category:dropped
                                                    Size (bytes):1343488
                                                    Entropy (8bit):7.989247598537048
                                                    Encrypted:false
                                                    SSDEEP:24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA
                                                    MD5:8AB286D4DD1C170892739E3102A958D5
                                                    SHA1:D70138FD1E50918D6E68E9693EB74CB6FD8716DA
                                                    SHA-256:6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B
                                                    SHA-512:40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:modified
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Mar 7 18:33:00 2025, Security: 1
                                                    Category:dropped
                                                    Size (bytes):1343488
                                                    Entropy (8bit):7.989247598537048
                                                    Encrypted:false
                                                    SSDEEP:24576:euCwF0EtC90qOU48EOIb7QaXtA3hK40UY86TyJIwgB6Ffw:hq4bcLY+zgA
                                                    MD5:8AB286D4DD1C170892739E3102A958D5
                                                    SHA1:D70138FD1E50918D6E68E9693EB74CB6FD8716DA
                                                    SHA-256:6DAFE2B2DDC52F0BB1A0BEA104FEFB4E3EF7F82AF89E711FFC5152C74760522B
                                                    SHA-512:40E06F1EFD187E9926ED60A7DD8420394E1FDE0079A1D7D29085AD086674B06FBF03BC259DA69E3277F0912B35D87173166A1C0E89ED56871ED73025A7B08A25
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):165
                                                    Entropy (8bit):1.610853976637159
                                                    Encrypted:false
                                                    SSDEEP:3:iXFQLjLlAWFd:97
                                                    MD5:CA2C2DB316A89F044206082EEB3A366E
                                                    SHA1:B1B7DFF94B991B26093AA29BF3793DDE245412E1
                                                    SHA-256:12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7
                                                    SHA-512:66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7
                                                    Malicious:true
                                                    Preview:.user ..e.n.g.i.n.e.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Mar 6 02:58:22 2025, Security: 1
                                                    Entropy (8bit):7.980127087808385
                                                    TrID:
                                                    • Microsoft Excel sheet (30009/1) 47.99%
                                                    • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                    File name:Purchase Order.xla.xlsx
                                                    File size:1'231'360 bytes
                                                    MD5:dad37e3090b45447788f8175d0d25a67
                                                    SHA1:be59341ac2a206ddc30a67bdb8951a792a690b96
                                                    SHA256:fc49f63b65f6ec5493e8ac495c22e1ac56ced2531cdbe24c37be758723695c53
                                                    SHA512:7780cef11801ccad2ab86ef47bb2b5d7f48268935a75c36d2fd6dc1e3e08b8fa0fc2a504e5ebe63971bdd73210ed5e54ed6a32f0b6b045f266968be21ad1817c
                                                    SSDEEP:24576:xJIwgbtTgdAnIOXR8YhbBWvdp8tLUWBMDcPrhU3Vjo+nQFSMCxpVGWT:xzgZTcM8YkpwLUwhyo+nKSfzVGWT
                                                    TLSH:534523E4ED947E02CF4B867A5B4AD41E9427FE4E3349900B3134775A063BA7C46F6A0E
                                                    Icon Hash:35e58a8c0c8a85b9
                                                    Document Type:OLE
                                                    Number of OLE Files:1
                                                    Has Summary Info:
                                                    Application Name:Microsoft Excel
                                                    Encrypted Document:True
                                                    Contains Word Document Stream:False
                                                    Contains Workbook/Book Stream:True
                                                    Contains PowerPoint Document Stream:False
                                                    Contains Visio Document Stream:False
                                                    Contains ObjectPool Stream:False
                                                    Flash Objects Count:0
                                                    Contains VBA Macros:True
                                                    Code Page:1252
                                                    Author:
                                                    Last Saved By:
                                                    Create Time:2006-09-16 00:00:00
                                                    Last Saved Time:2025-03-06 02:58:22
                                                    Creating Application:Microsoft Excel
                                                    Security:1
                                                    Document Code Page:1252
                                                    Thumbnail Scaling Desired:False
                                                    Contains Dirty Links:False
                                                    Shared Document:False
                                                    Changed Hyperlinks:False
                                                    Application Version:786432
                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                    VBA File Name:Sheet1.cls
                                                    Stream Size:977
                                                    Attribute VB_Name = "Sheet1"
                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                    Attribute VB_GlobalNameSpace = False
                                                    Attribute VB_Creatable = False
                                                    Attribute VB_PredeclaredId = True
                                                    Attribute VB_Exposed = True
                                                    Attribute VB_TemplateDerived = False
                                                    Attribute VB_Customizable = True
                                                    

                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                    VBA File Name:Sheet2.cls
                                                    Stream Size:977
                                                    Attribute VB_Name = "Sheet2"
                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                    Attribute VB_GlobalNameSpace = False
                                                    Attribute VB_Creatable = False
                                                    Attribute VB_PredeclaredId = True
                                                    Attribute VB_Exposed = True
                                                    Attribute VB_TemplateDerived = False
                                                    Attribute VB_Customizable = True
                                                    

                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                    VBA File Name:Sheet3.cls
                                                    Stream Size:977
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
                                                    Attribute VB_Name = "Sheet3"
                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                    Attribute VB_GlobalNameSpace = False
                                                    Attribute VB_Creatable = False
                                                    Attribute VB_PredeclaredId = True
                                                    Attribute VB_Exposed = True
                                                    Attribute VB_TemplateDerived = False
                                                    Attribute VB_Customizable = True
                                                    

                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                    VBA File Name:ThisWorkbook.cls
                                                    Stream Size:985
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0
                                                    Attribute VB_Name = "ThisWorkbook"
                                                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                    Attribute VB_GlobalNameSpace = False
                                                    Attribute VB_Creatable = False
                                                    Attribute VB_PredeclaredId = True
                                                    Attribute VB_Exposed = True
                                                    Attribute VB_TemplateDerived = False
                                                    Attribute VB_Customizable = True
                                                    

                                                    General
                                                    Stream Path:\x1CompObj
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:114
                                                    Entropy:4.25248375192737
                                                    Base64 Encoded:True
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                    General
                                                    Stream Path:\x5DocumentSummaryInformation
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:244
                                                    Entropy:2.889430592781307
                                                    Base64 Encoded:False
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                    General
                                                    Stream Path:\x5SummaryInformation
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:200
                                                    Entropy:3.226575879994164
                                                    Base64 Encoded:False
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . C . . . . . . . . .
                                                    General
                                                    Stream Path:MBD0026E066/\x1CompObj
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:99
                                                    Entropy:3.631242196770981
                                                    Base64 Encoded:False
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                    General
                                                    Stream Path:MBD0026E066/Package
                                                    CLSID:
                                                    File Type:Microsoft Excel 2007+
                                                    Stream Size:919251
                                                    Entropy:7.992716595778883
                                                    Base64 Encoded:True
                                                    Data ASCII:P K . . . . . . . . . . ! . h . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                    General
                                                    Stream Path:MBD0026E067/\x1Ole
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:984
                                                    Entropy:5.527672040042076
                                                    Base64 Encoded:True
                                                    Data ASCII:. . . . o . 0 . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . l . i . n . k . . . o . r . a . i . . . i . o . / . b . D . t . O . t . A . ? . & . d . i . s . a . s . t . e . r . = . v . o . l . a . t . i . l . e . & . c . h . i . p . m . u . n . k . = . d . i . z . z . y . & . a . l . a . r . m . = . o . b . s . e . r . v . a . n . t . & . t . u . t . u . . . 7 C P . . H . ? . Y . 4 u ? K . D 0 . . n 2 . b [ 2 . K , O . > a a % A . Y P j . @ . g n < . r " K \\ . * ( * . B .
                                                    General
                                                    Stream Path:Workbook
                                                    CLSID:
                                                    File Type:Applesoft BASIC program data, first line number 16
                                                    Stream Size:287688
                                                    Entropy:7.998293666295266
                                                    Base64 Encoded:True
                                                    Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . n A @ . l O 6 o 4 Q * . 1 G y K i T J ( ( Z . . . . . . . . . . . . . . . \\ . p . . 1 . 2 . T . 1 . . k ; ] t . f a . . f , > . m " . ) . z . k + ? ~ ) 6 o . K p . . . b H t O } . . O D + . K B . ; b P B . . . E a . . . j & . . . = . . . . u b T & . . . J ~ % y . . q + . . . : . . . . . . . . . . . . u . . . n . . . K . = . . . . E _ x ; q ) . . @ . . . . . . . . . " . . . ? s . . . . } . . . k . . . $ 1 . . . . + \\ . \\ A 1 { 1 . ; n 2 % D ( 1 . . . 6
                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                    CLSID:
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Stream Size:525
                                                    Entropy:5.212796843587302
                                                    Base64 Encoded:True
                                                    Data ASCII:I D = " { D B 7 8 F 5 A A - 8 A 4 6 - 4 8 A C - 8 0 7 2 - 6 D 5 1 E 0 9 5 E 4 2 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 2 7 2 5 C 6 C 4 4 A 4 4 0 8 4 8 0
                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:104
                                                    Entropy:3.0488640812019017
                                                    Base64 Encoded:False
                                                    Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:2644
                                                    Entropy:3.997077137692501
                                                    Base64 Encoded:False
                                                    Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                    General
                                                    Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                    CLSID:
                                                    File Type:data
                                                    Stream Size:553
                                                    Entropy:6.3912088754515315
                                                    Base64 Encoded:True
                                                    Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . u i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E


                                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                    2025-03-07T19:32:48.580774+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | TCP
                                                    2025-03-07T19:32:56.829202+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | TCP
                                                    2025-03-07T19:32:56.874999+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | TCP
                                                    • Total Packets: 229
                                                    • 443 (HTTPS)
                                                    • 53 (DNS)
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Mar 7, 2025 19:32:49.575476885 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.575648069 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.575660944 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.575822115 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.597084045 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.597162008 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.597204924 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.597212076 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.597261906 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.597275019 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.622551918 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.622598886 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.622646093 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.622652054 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.622684956 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.622711897 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.648988962 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.649008989 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.649091959 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.649105072 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.649151087 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.663417101 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.663459063 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.663516045 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.663522005 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.663544893 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.663633108 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.676944971 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.676986933 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.677046061 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.677062988 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.677078009 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.677149057 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.696347952 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.696372032 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.696438074 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.696454048 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.696469069 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.696495056 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.732765913 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.732784033 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.732853889 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.732868910 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.732914925 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.762032986 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.762104034 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.762114048 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.762130022 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.762152910 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.762175083 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.792354107 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.792406082 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.792452097 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.792463064 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.792491913 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.792515993 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.830184937 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.830230951 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.830279112 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.830286026 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.830327034 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.830349922 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.832401037 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.832461119 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.832479954 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.832487106 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.832525015 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.832535028 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.834883928 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.834927082 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.834964037 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.834969997 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.835007906 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.835026026 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.836636066 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.836683989 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.836726904 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.836733103 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.836771011 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.836867094 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.841511965 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.841552019 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.841597080 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.841630936 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.841643095 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.841689110 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.865051985 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.865094900 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.865122080 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.865128994 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.865149021 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.865252972 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.887991905 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.888036013 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.888086081 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.888092041 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.888124943 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.888153076 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.903465986 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.903507948 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.903572083 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.903578997 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.903615952 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.903639078 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.915416956 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.915473938 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.915505886 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.915512085 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.915553093 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.919544935 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.919615984 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.919677973 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.919684887 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.919707060 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.919727087 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.926697016 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.926740885 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.926826954 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.926837921 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.926938057 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.936542988 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.936584949 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.936655045 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.936661005 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.936709881 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.951474905 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.951523066 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.951560020 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.951566935 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.951632977 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.968331099 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.968346119 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.968415976 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.968435049 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.968477964 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.986605883 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.986619949 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.986712933 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:49.986743927 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:49.986845970 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.002871990 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.002886057 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.002958059 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.002964973 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.003002882 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.009439945 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.009497881 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.009533882 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.009541035 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.009594917 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.015202999 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.015247107 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.015284061 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.015290022 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.015341997 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.022870064 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.022914886 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.022953033 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.022989035 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.023008108 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.023396015 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.031337023 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.031378984 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.031408072 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.031416893 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.031455994 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.031476974 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.045892000 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.045922041 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.045969009 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.045991898 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.046010017 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.046036959 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.063396931 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.063412905 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.063483953 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.063492060 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.063544989 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.093502045 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.093523026 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.093591928 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.093609095 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.093650103 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.119930029 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.119951010 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.120001078 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.120009899 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.120045900 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.120085001 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.131226063 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.131248951 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.131462097 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.131478071 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.131531000 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.136835098 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.136857986 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.136917114 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.136924982 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.136964083 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.146584034 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.146605968 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.146646976 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.146656990 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.146703005 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.159174919 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.159193993 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.159255981 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.159264088 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.159321070 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.178436995 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.178459883 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.178524971 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.178539991 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.178567886 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.178587914 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.205168962 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.205199003 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.205252886 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.205264091 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.205316067 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.263652086 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.263669968 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.263812065 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.263825893 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.263889074 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.327124119 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.327141047 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.327244997 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.327255011 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.327318907 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.350719929 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.350743055 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.350795984 CET49698443192.168.2.613.107.246.60
                                                    Mar 7, 2025 19:32:50.350805044 CET4434969813.107.246.60192.168.2.6
                                                    Mar 7, 2025 19:32:50.350852966 CET49698443192.168.2.613.107.246.60
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 7, 2025 19:32:30.570559978 CET | 56766 | 53 | 192.168.2.6 | 1.1.1.1
Mar 7, 2025 19:32:30.581379890 CET | 53 | 56766 | 1.1.1.1 | 192.168.2.6
Mar 7, 2025 19:32:33.374598980 CET | 62444 | 53 | 192.168.2.6 | 1.1.1.1
Mar 7, 2025 19:32:33.387696028 CET | 53 | 62444 | 1.1.1.1 | 192.168.2.6
Mar 7, 2025 19:32:44.695858002 CET | 52254 | 53 | 192.168.2.6 | 1.1.1.1
Mar 7, 2025 19:32:44.704216957 CET | 53 | 52254 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 7, 2025 19:32:30.570559978 CET | 192.168.2.6 | 1.1.1.1 | 0x6911 | Standard query (0) | link.orai.io | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:33.374598980 CET | 192.168.2.6 | 1.1.1.1 | 0xf234 | Standard query (0) | st3.pro | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:44.695858002 CET | 192.168.2.6 | 1.1.1.1 | 0xfdce | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | s-0005.dual-s-msedge.net | | 52.123.129.14 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:31:43.427517891 CET | 1.1.1.1 | 192.168.2.6 | 0xa818 | No error (0) | s-0005.dual-s-msedge.net | | 52.123.128.14 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | link.orai.io | | 104.26.0.139 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | link.orai.io | | 172.67.68.60 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:30.581379890 CET | 1.1.1.1 | 192.168.2.6 | 0x6911 | No error (0) | link.orai.io | | 104.26.1.139 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:33.387696028 CET | 1.1.1.1 | 192.168.2.6 | 0xf234 | No error (0) | st3.pro | | 5.161.200.29 | A (IP address) | IN (0x0001) | false
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0032.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | s-part-0032.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 7, 2025 19:32:44.704216957 CET | 1.1.1.1 | 192.168.2.6 | 0xfdce | No error (0) | s-part-0032.t-0009.t-msedge.net | | 13.107.246.60 | A (IP address) | IN (0x0001) | false
                                                    • link.orai.io
                                                    • st3.pro
                                                    • otelrules.svc.static.microsoft
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49695 | 104.26.0.139 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:32 UTC | 251 | OUT | GET /bDtOtA?&disaster=volatile&chipmunk=dizzy&alarm=observant&tutu HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Host: link.orai.io
                                                    Connection: Keep-Alive
2025-03-07 18:32:33 UTC | 1050 | IN | HTTP/1.1 302 Found
                                                    Date: Fri, 07 Mar 2025 18:32:33 GMT
                                                    Content-Type: text/plain; charset=utf-8
                                                    Content-Length: 45
                                                    Connection: close
                                                    X-DNS-Prefetch-Control: off
                                                    X-Frame-Options: SAMEORIGIN
                                                    Strict-Transport-Security: max-age=15552000
                                                    X-Download-Options: noopen
                                                    X-Content-Type-Options: nosniff
                                                    X-XSS-Protection: 1; mode=block
                                                    Location: https://st3.pro/nIpWB3U
                                                    Vary: Accept
                                                    tech: orai-aws-swarm
                                                    Host-Loaded: swarm
                                                    cf-cache-status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fr6%2FHWtBoz08LtyB6pDuBQl5RhNjX%2FNj9xYh%2B%2BygwKRzrceQ8jxADbw3tFM%2Bvqdhx5V29OGHPPODqhl2UzbE1oEr8e%2BYGEoNubErM70eNdRXc6wlSYeG0u5%2BX4d6Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 91cc2d160c7ad6e1-IAD
                                                    server-timing: cfL4;desc="?proto=TCP&rtt=30702&min_rtt=28497&rtt_var=12010&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2811&recv_bytes=833&delivery_rate=102388&cwnd=218&unsent_bytes=0&cid=1985885ff7b32871&ts=568&x=0"
2025-03-07 18:32:33 UTC | 45 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 73 74 33 2e 70 72 6f 2f 6e 49 70 57 42 33 55
                                                    Data Ascii: Found. Redirecting to https://st3.pro/nIpWB3U


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49696 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:35 UTC | 192 | OUT | GET /nIpWB3U HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Connection: Keep-Alive
                                                    Host: st3.pro
2025-03-07 18:32:36 UTC | 397 | IN | HTTP/1.1 301 Moved Permanently
                                                    Content-Length: 38
                                                    Content-Type: text/plain; charset=utf-8
                                                    Date: Fri, 07 Mar 2025 18:32:35 GMT
                                                    Location: /404
                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                    Vary: Accept
                                                    X-Content-Type-Options: nosniff
                                                    X-Dns-Prefetch-Control: off
                                                    X-Download-Options: noopen
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Xss-Protection: 1; mode=block
                                                    Connection: close
2025-03-07 18:32:36 UTC | 38 | IN | Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 34 30 34
                                                    Data Ascii: Moved Permanently. Redirecting to /404


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49697 | 5.161.200.29 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:38 UTC | 188 | OUT | GET /404 HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                    Connection: Keep-Alive
                                                    Host: st3.pro
2025-03-07 18:32:39 UTC | 454 | IN | HTTP/1.1 404 Not Found
                                                    Content-Type: text/html; charset=utf-8
                                                    Date: Fri, 07 Mar 2025 18:32:38 GMT
                                                    Etag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"
                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                    Vary: Accept-Encoding
                                                    X-Content-Type-Options: nosniff
                                                    X-Dns-Prefetch-Control: off
                                                    X-Download-Options: noopen
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Powered-By: Next.js
                                                    X-Xss-Protection: 1; mode=block
                                                    Connection: close
                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49698 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:48 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept-Encoding: gzip
                                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                    Host: otelrules.svc.static.microsoft
2025-03-07 18:32:49 UTC | 493 | IN | HTTP/1.1 200 OK
                                                    Date: Fri, 07 Mar 2025 18:32:48 GMT
                                                    Content-Type: text/plain
                                                    Content-Length: 1114783
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Cache-Control: public
                                                    Last-Modified: Thu, 06 Mar 2025 06:05:34 GMT
                                                    ETag: "0x8DD5C74E888C29E"
                                                    x-ms-request-id: 8d1420cc-e01e-003c-7f34-8fc70b000000
                                                    x-ms-version: 2018-03-28
                                                    x-azure-ref: 20250307T183248Z-r16856dc8582djbthC1BL1qhmn00000006dg000000017msk
                                                    x-fd-int-roxy-purgeid: 0
                                                    X-Cache: TCP_HIT
                                                    X-Cache-Info: L1_T2
                                                    Accept-Ranges: bytes
                                                    2025-03-07 18:32:49 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                                                    Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                                                    2025-03-07 18:32:49 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                                                    Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                                                    2025-03-07 18:32:49 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                                                    Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                                    2025-03-07 18:32:49 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                                    Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49700 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:56 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept-Encoding: gzip
                                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                    Host: otelrules.svc.static.microsoft
2025-03-07 18:32:57 UTC | 470 | IN | HTTP/1.1 200 OK
                                                    Date: Fri, 07 Mar 2025 18:32:57 GMT
                                                    Content-Type: text/xml
                                                    Content-Length: 204
                                                    Connection: close
                                                    Cache-Control: public, max-age=604800, immutable
                                                    Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                    ETag: "0x8DC582BB6C8527A"
                                                    x-ms-request-id: e0ebd78a-201e-000c-5ded-8c79c4000000
                                                    x-ms-version: 2018-03-28
                                                    x-azure-ref: 20250307T183257Z-r16856dc8588pzxthC1BL14kk00000000vm0000000013wpr
                                                    x-fd-int-roxy-purgeid: 0
                                                    X-Cache: TCP_HIT
                                                    Accept-Ranges: bytes
2025-03-07 18:32:57 UTC | 204 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49699 | 13.107.246.60 | 443 | 7148 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
2025-03-07 18:32:56 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Accept-Encoding: gzip
                                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                                    Host: otelrules.svc.static.microsoft
2025-03-07 18:32:57 UTC | 515 | IN | HTTP/1.1 200 OK
                                                    Date: Fri, 07 Mar 2025 18:32:57 GMT
                                                    Content-Type: text/xml
                                                    Content-Length: 2128
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Cache-Control: public, max-age=604800, immutable
                                                    Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                    ETag: "0x8DC582BA41F3C62"
                                                    x-ms-request-id: 723ff88d-401e-002a-2e1e-8dc62e000000
                                                    x-ms-version: 2018-03-28
                                                    x-azure-ref: 20250307T183257Z-r16856dc858qfqw7hC1BL129n80000000vn000000000vvpv
                                                    x-fd-int-roxy-purgeid: 0
                                                    X-Cache: TCP_HIT
                                                    X-Cache-Info: L1_T2
                                                    Accept-Ranges: bytes
2025-03-07 18:32:57 UTC | 2128 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=



                                                    Target ID:0
                                                    Start time:13:31:34
                                                    Start date:07/03/2025
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                    Imagebase:0xde0000
                                                    File size:53'161'064 bytes
                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:6
                                                    Start time:13:32:40
                                                    Start date:07/03/2025
                                                    Path:C:\Windows\splwow64.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\splwow64.exe 12288
                                                    Imagebase:0x7ff7b41c0000
                                                    File size:163'840 bytes
                                                    MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:9
                                                    Start time:13:33:02
                                                    Start date:07/03/2025
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Purchase Order.xla.xlsx"
                                                    Imagebase:0xde0000
                                                    File size:53'161'064 bytes
                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    No disassembly