Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
PURCHASE ORDER 5172025.xla.xlsx

Overview

General Information

Sample name:PURCHASE ORDER 5172025.xla.xlsx
Analysis ID:1648272
MD5:42ad657229b182e1e3d922663fcd6fb5
SHA1:512fd99e3b8aa2625e9fb3ac2dd4a6e7c2fff996
SHA256:fccb42f6351784b5530b26c97ef1d2011637ca62273324ff22d9e35657741dc7
Tags:xlaxlsxuser-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Excel sheet contains many unusual embedded objects
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 7272 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 6124 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • EXCEL.EXE (PID: 3100 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 5172025.xla.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 162.19.137.157, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7272, Protocol: tcp, SourceIp: 192.168.2.11, SourceIsIpv6: false, SourcePort: 49715
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.11, DestinationIsIpv6: false, DestinationPort: 49715, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7272, Protocol: tcp, SourceIp: 162.19.137.157, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-25T17:44:57.152184+010020283713Unknown Traffic192.168.2.114971813.107.246.40443TCP
2025-03-25T17:45:12.504492+010020283713Unknown Traffic192.168.2.114972113.107.246.40443TCP
2025-03-25T17:45:12.608599+010020283713Unknown Traffic192.168.2.114972013.107.246.40443TCP

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: PURCHASE ORDER 5172025.xla.xlsxVirustotal: Detection: 31%Perma Link
Source: PURCHASE ORDER 5172025.xla.xlsxReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 162.19.137.157:443 -> 192.168.2.11:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.11:49718 version: TLS 1.2
Source: global trafficDNS query: name: t.emobility.energy
Source: global trafficDNS query: name: otelrules.svc.static.microsoft
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49715 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49715
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 162.19.137.157:443 -> 192.168.2.11:49716
Source: global trafficTCP traffic: 192.168.2.11:49716 -> 162.19.137.157:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49718 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49718
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49721
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 192.168.2.11:49720 -> 13.107.246.40:443
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: global trafficTCP traffic: 13.107.246.40:443 -> 192.168.2.11:49720
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 162.19.137.157 162.19.137.157
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49720 -> 13.107.246.40:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49718 -> 13.107.246.40:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49721 -> 13.107.246.40:443
Source: global trafficHTTP traffic detected: GET /xRfBGK?&designer=glossy HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: t.emobility.energyConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: t.emobility.energyConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /xRfBGK?&designer=glossy HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: t.emobility.energyConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /404 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: t.emobility.energyConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: t.emobility.energy
Source: global trafficDNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 16:44:45 GMTServer: Apache/2.4.62 (Debian)X-DNS-Prefetch-Control: offX-Frame-Options: SAMEORIGINStrict-Transport-Security: max-age=15552000; includeSubDomainsX-Download-Options: noopenX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-Powered-By: Next.jsETag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"Content-Type: text/html; charset=utf-8Content-Length: 4645Vary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, AcceptConnection: close
Source: PURCHASE ORDER 5172025.xla.xlsx, 97030000.0.drString found in binary or memory: https://t.emobility.energy/xRfBGK?&designer=glossy
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownHTTPS traffic detected: 162.19.137.157:443 -> 192.168.2.11:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.11:49718 version: TLS 1.2

System Summary

barindex
Source: PURCHASE ORDER 5172025.xla.xlsxOLE: Microsoft Excel 2007+
Source: ~DF1684C8F0DF3BB321.TMP.0.drOLE: Microsoft Excel 2007+
Source: 97030000.0.drOLE: Microsoft Excel 2007+
Source: PURCHASE ORDER 5172025.xla.xlsxOLE indicator, VBA macros: true
Source: PURCHASE ORDER 5172025.xla.xlsxStream path 'MBD009B3F21/\x1Ole' : https://t.emobility.energy/xRfBGK?&designer=glossyuf{iPFLc##I+"K~Q$X3"`T,ljD</|9./B{mhwnI|y;_los0#5K8@G{uz?;oFDW/uTH92JZO06YnjCbFqyeGj38t7wLWqtBukXDhxa2mJxg27REX1R3GJsJDxJoQVRw2Wmolam3lR45N9bKOCW6jCDEWi6tlJk6Q2cV3qZJ2lQLTq3HOR6tg1OYcYCTpiDfWzH4hsu7WOtJBhVMfrqcsfxLqePKuFnt4qoHUP6ZrR21MeoHmS2iQTsX330dIzT1Wz19OPkHDqAcmnMVuz1oDDN((|Ht^8*P}N[)
Source: 97030000.0.drStream path 'MBD009B3F21/\x1Ole' : https://t.emobility.energy/xRfBGK?&designer=glossyuf{iPFLc##I+"K~Q$X3"`T,ljD</|9./B{mhwnI|y;_los0#5K8@G{uz?;oFDW/uTH92JZO06YnjCbFqyeGj38t7wLWqtBukXDhxa2mJxg27REX1R3GJsJDxJoQVRw2Wmolam3lR45N9bKOCW6jCDEWi6tlJk6Q2cV3qZJ2lQLTq3HOR6tg1OYcYCTpiDfWzH4hsu7WOtJBhVMfrqcsfxLqePKuFnt4qoHUP6ZrR21MeoHmS2iQTsX330dIzT1Wz19OPkHDqAcmnMVuz1oDDN((|Ht^8*P}N[)
Source: ~DF1684C8F0DF3BB321.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEWindow title found: microsoft excel okexcel cannot open the file 'purchase order 5172025.xla.xlsx' because the file format or file extension is not valid. verify that the file has not been corrupted and that the file extension matches the format of the file.
Source: classification engineClassification label: mal52.winXLSX@4/9@2/2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PURCHASE ORDER 5172025.xla.xlsxJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{BBCA15A4-6F6B-423A-8ABE-EC6239AAA1CF} - OProcSessId.datJump to behavior
Source: PURCHASE ORDER 5172025.xla.xlsxOLE indicator, Workbook stream: true
Source: 97030000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: PURCHASE ORDER 5172025.xla.xlsxVirustotal: Detection: 31%
Source: PURCHASE ORDER 5172025.xla.xlsxReversingLabs: Detection: 30%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 5172025.xla.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: PURCHASE ORDER 5172025.xla.xlsxStatic file information: File size 1454592 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: ~DF1684C8F0DF3BB321.TMP.0.drInitial sample: OLE indicators vbamacros = False
Source: PURCHASE ORDER 5172025.xla.xlsxInitial sample: OLE indicators encrypted = True
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: PURCHASE ORDER 5172025.xla.xlsxStream path 'MBD009B3F20/Package' entropy: 7.99670130113 (max. 8.0)
Source: PURCHASE ORDER 5172025.xla.xlsxStream path 'Workbook' entropy: 7.99487746699 (max. 8.0)
Source: ~DF1684C8F0DF3BB321.TMP.0.drStream path 'Package' entropy: 7.99543103855 (max. 8.0)
Source: 97030000.0.drStream path 'MBD009B3F20/Package' entropy: 7.99543103855 (max. 8.0)
Source: 97030000.0.drStream path 'Workbook' entropy: 7.99773147373 (max. 8.0)
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 1009Jump to behavior
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts3
Exploitation for Client Execution		1
Scripting		1
Process Injection		2
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture14
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1648272 Sample: PURCHASE ORDER 5172025.xla.xlsx Startdate: 25/03/2025 Architecture: WINDOWS Score: 52 17 t.emobility.energy 2->17 19 star-azurefd-prod.trafficmanager.net 2->19 21 5 other IPs or domains 2->21 27 Multi AV Scanner detection for submitted file 2->27 29 Excel sheet contains many unusual embedded objects 2->29 7 EXCEL.EXE 230 75 2->7         started        11 EXCEL.EXE 58 47 2->11         started        signatures3 process4 dnsIp5 23 s-part-0012.t-0009.t-msedge.net 13.107.246.40, 443, 49718, 49720 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 7->23 25 host1.emobility.energy 162.19.137.157, 443, 49715, 49716 CENTURYLINK-US-LEGACY-QWESTUS United States 7->25 15 C:\...\~$PURCHASE ORDER 5172025.xla.xlsx, data 7->15 dropped 13 splwow64.exe 1 7->13         started        file6 process7

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PURCHASE ORDER 5172025.xla.xlsx31%VirustotalBrowse
PURCHASE ORDER 5172025.xla.xlsx31%ReversingLabsWin32.Exploit.CVE-2017-0199

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://t.emobility.energy/xRfBGK?&designer=glossy0%Avira URL Cloudsafe
https://t.emobility.energy/4040%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0012.t-0009.t-msedge.net
13.107.246.40
truefalse
    		high
    bg.microsoft.map.fastly.net
    		199.232.210.172
    		truefalse
      		high
      host1.emobility.energy
      		162.19.137.157
      		truefalse
        		high
        s-0005.dual-s-msedge.net
        		52.123.129.14
        		truefalse
          		high
          otelrules.svc.static.microsoft
          		unknown
          		unknownfalse
            		high
            t.emobility.energy
            		unknown
            		unknownfalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://otelrules.svc.static.microsoft/rules/excel.exe-Production-v19.bundlefalse
                		high
                https://t.emobility.energy/404false
                • Avira URL Cloud: safe
                		unknown
                https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                  		high
                  https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                    		high
                    https://t.emobility.energy/xRfBGK?&designer=glossyfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    13.107.246.40
                    		s-part-0012.t-0009.t-msedge.netUnited States
                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    162.19.137.157
                    		host1.emobility.energyUnited States
                    		209CENTURYLINK-US-LEGACY-QWESTUSfalse

                    General Information

                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1648272
                    Start date and time:2025-03-25 17:42:37 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 26s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:17
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • GSI enabled (VBA)
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:PURCHASE ORDER 5172025.xla.xlsx
                    Detection:MAL
                    Classification:mal52.winXLSX@4/9@2/2
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .xlsx
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Active ActiveX Object
                    • Active ActiveX Object
                    • Scroll down
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 52.109.8.89, 184.31.69.3, 52.109.6.63, 199.232.210.172, 20.42.65.88, 52.109.0.91, 20.189.173.23, 52.123.129.14, 172.202.163.200, 40.126.24.149
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, cus-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, eus2-azsc-000.roaming.officeapps.live.com, osiprod-eus2-buff-azsc-000.eastus2.cloudapp.azure.com, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, c.pki.goog, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus08.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, ecs.office.tr
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenFile calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadFile calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    12:44:51API Interceptor1067x Sleep call for process: splwow64.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                    • www.aib.gov.uk/
                    NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                    • 2s.gg/3zs
                    PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                    • 2s.gg/42Q
                    06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                    • 2s.gg/3zk
                    Quotation.xlsGet hashmaliciousUnknownBrowse
                    • 2s.gg/3zM
                    162.19.137.157Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                      Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                          BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                            PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                              BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                  SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                    SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                      SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        s-0005.dual-s-msedge.netPurchase Order 40360414.docGet hashmaliciousUnknownBrowse
                                        • 52.123.128.14
                                        PURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 52.123.129.14
                                        Shitstain.exeGet hashmaliciousAnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, LokibotBrowse
                                        • 52.123.128.14
                                        25 03 2025 Legal Notice Presentation.pptxGet hashmaliciousUnknownBrowse
                                        • 52.123.129.14
                                        25 03 2025 Legal Notice Presentation.pptxGet hashmaliciousUnknownBrowse
                                        • 52.123.128.14
                                        Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msgGet hashmaliciousUnknownBrowse
                                        • 52.123.129.14
                                        Ordersheet_NanshaGA-012.docxGet hashmaliciousUnknownBrowse
                                        • 52.123.128.14
                                        Overdue Invoice 93589 (672Ko).msgGet hashmaliciousUnknownBrowse
                                        • 52.123.128.14
                                        suspectTelling clean needful (78.2 KB).msgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                        • 52.123.129.14
                                        https://1drv.ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMiGet hashmaliciousUnknownBrowse
                                        • 52.123.129.14
                                        bg.microsoft.map.fastly.netPURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 199.232.210.172
                                        Shitstain.exeGet hashmaliciousAnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, LokibotBrowse
                                        • 199.232.210.172
                                        kmsauto++v1.6.4.exeGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        quotation_1.xlsxGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        PAD_[2025-03-24_120914].pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                        • 199.232.210.172
                                        Fatura-03-2025.pdfGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        SecuriteInfo.com.FileRepMalware.14590.30096.exeGet hashmaliciousUnknownBrowse
                                        • 199.232.210.172
                                        SecuriteInfo.com.Win64.MalwareX-gen.20318.27750.exeGet hashmaliciousUnknownBrowse
                                        • 199.232.214.172
                                        host1.emobility.energyUntitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        s-part-0012.t-0009.t-msedge.netPURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.comGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.246.40
                                        AliareV0.1.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                        • 13.107.246.40
                                        Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msgGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        https://x.to0wfnubykn8.ru/hjkewtr/hgjtyu.htmlGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        https://app.heptabase.com/w/9572b61a878f03208943512867a816847d4d23b4f7ccb0a7fe97bab5d1ad7da7Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                        • 13.107.246.40
                                        Invoice_charles.mesquita_PaymentUpdate.htmlGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.246.40
                                        https://1drv.ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMiGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        http://loginmlcrosoftonline365greatbear.co.uk.verifyex.com/cache/css?email=richard.moorhouse@greatbear.co.ukGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.246.40
                                        quotation_1.xlsxGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        CENTURYLINK-US-LEGACY-QWESTUSarm7.elfGet hashmaliciousOkiruBrowse
                                        • 97.112.45.135
                                        https://promo-offer.site/tnf_ptGet hashmaliciousUnknownBrowse
                                        • 162.19.138.82
                                        https://antiphishing.vadesecure.com/v4?f=NFZ1OXFVNUpJaXhxbWN3aw79TqTxGVr5HS_rj8xy-Dtt3WuOYgiNsT7kSrCL4neS&i=dnZZY1BRdGVud2p5a3J2MkXgKVQslibyjliaROaA9Kc&k=ylKZ&r=eVhRazAzQWpzQlVhVVRabfl7Btopt7tCs6Jhtvvo_JQliQyVoVTnThNthFfLLOv7XziSix9lmqfR7qqdZtpsOw&s=427052c2cb55a4ea4f9c70929c499bda58414514c5d12af8c66341946b20b817&u=https%3A%2F%2Fzmk5ybt5uw.us-east-1.awsapprunner.com%2F%23Xavier.Regnault%40chantiers-atlantique.comGet hashmaliciousHTMLPhisherBrowse
                                        • 162.19.59.195
                                        Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        MICROSOFT-CORP-MSN-AS-BLOCKUSPURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        arm.elfGet hashmaliciousGafgyt, OkiruBrowse
                                        • 20.192.11.71
                                        ppc.elfGet hashmaliciousOkiruBrowse
                                        • 40.122.145.102
                                        m68k.elfGet hashmaliciousGafgyt, OkiruBrowse
                                        • 51.120.229.61
                                        x86.elfGet hashmaliciousOkiruBrowse
                                        • 20.36.42.212
                                        82#U0576.exeGet hashmaliciousUnknownBrowse
                                        • 40.126.29.15
                                        http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.comGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.246.72
                                        AliareV0.1.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                        • 13.107.246.38
                                        https://promo-offer.site/tnf_ptGet hashmaliciousUnknownBrowse
                                        • 13.107.42.14
                                        Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msgGet hashmaliciousUnknownBrowse
                                        • 20.190.152.19

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        6271f898ce5be7dd52b0fc260d0662b3PURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        SecuriteInfo.com.Other.Malware-gen.24773.2907.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PRE#U00c7O - RFQ 674441-76450.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        PRE#U00c7O - RFQ 674441-76450.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        Medical GmbH Order.xlsGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        Medical GmbH Order.xlsGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        Quotation.xlsGet hashmaliciousUnknownBrowse
                                        • 162.19.137.157
                                        a0e9f5d64349fb13191bc781f81f42e1PURCHASE ORDER 420-2025.xla.xlsxGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        temp_error_logs.scr.exeGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        temp_error_logs.scr.exeGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        ASIr1Bo2x9.exeGet hashmaliciousLummaC StealerBrowse
                                        • 13.107.246.40
                                        ySTYvI9Pvk.exeGet hashmaliciousLummaC StealerBrowse
                                        • 13.107.246.40
                                        6aOM10d2pR.exeGet hashmaliciousLummaC StealerBrowse
                                        • 13.107.246.40
                                        Ec0AgD2t1q.exeGet hashmaliciousDarkVision RatBrowse
                                        • 13.107.246.40
                                        750413b4e6897a671bc759e04597952a0be747830189873b.xlsm.1.ps1Get hashmaliciousLummaC StealerBrowse
                                        • 13.107.246.40
                                        quotation_1.xlsxGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40
                                        Untitled_20250325.docx.docGet hashmaliciousUnknownBrowse
                                        • 13.107.246.40

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):118
                                        Entropy (8bit):3.5700810731231707
                                        Encrypted:false
                                        SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                        MD5:573220372DA4ED487441611079B623CD
                                        SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                        SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                        SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                        C:\Users\user\AppData\Local\Temp\F07FEC48.tmp

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):820
                                        Entropy (8bit):2.7159862044217853
                                        Encrypted:false
                                        SSDEEP:24:YIrNyk+vpKAzH5wcfHGFAAJp9WtAZRJ5poIHWI:Ymt+RfzHuc8AAJtfJ52IHV
                                        MD5:4C216BA54D1A1E057DBD017884BCAE68
                                        SHA1:04F6A2A122C952A6EE4E54FDB8185D4052074B21
                                        SHA-256:80AB97552897B6DD6B37DC244018756D8FE893435AA360A26BFF8E6560D81E9C
                                        SHA-512:1F5F905260B372F9AEE7B6E574F0F427A85F74F30AB90B2CBF7847462A437C8907BDCA33D54260F685AEC64CC53E3241E37A8D6999AB01138C08DB2B39FF7371
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.2.5.5.0.5.0.8.8.,.1.2.5.,.1.1.9.,.7.0.0.9.9.8.4.,.3.0.0.4.9.2.6.8.,.;.3.2.9.4.5.8.7.9.9.,.3.7.4.6.3.7.8.,.6.3.6.4.3.3.4.,.1.1.1.1.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.3.6.4.3.3.7.,.1.0.0.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.3.2.0.5.9.2.7.6.7.,.

                                        C:\Users\user\AppData\Local\Temp\~DF1684C8F0DF3BB321.TMP

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):1188864
                                        Entropy (8bit):7.963392674719262
                                        Encrypted:false
                                        SSDEEP:24576:IEd4WelSkLew+Zgsi5QO3UqCK12ADjJzUWhnlC0382uHBt:XXeHlQO3gKYADjJphc2uHB
                                        MD5:EDCE78C8E616FE041D7D603458A12D68
                                        SHA1:F20DA398C13389FB268647A72C3C915BC246F789
                                        SHA-256:52EC3D52DB84FC261A63367151E604B1FE27EB666A628DAB26ED507EDD63813F
                                        SHA-512:0D6E076129F23FCA87E9B5622D479D316889AABEA42E28E308EFEDC1377A4DDCA312D899CEA2024A8E1B134BDB4036CAA3E8BC319D738F0B96035F1D835752F5
                                        Malicious:false
                                        Reputation:low
                                        Preview:......................>...................:........................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...........................................................................................................................................................................................................................................................................................................................................................................................................................................................<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                        C:\Users\user\AppData\Local\Temp\~DF6A564F7D9EDB4FC5.TMP

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\~DFBA35A92DCC8B8D7F.TMP

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1175552
                                        Entropy (8bit):7.968762965968398
                                        Encrypted:false
                                        SSDEEP:24576:wEd4WelSkLew+Zgsi5QO3UqCK12ADjJzUWhnlC0382uHBt:vXeHlQO3gKYADjJphc2uHB
                                        MD5:DE965A48A67CFEDDE101AE4E3CBFD22A
                                        SHA1:31851A3728D03FAE12DCA06CFACA9346974CD0AD
                                        SHA-256:B327BE0B30551A013004CA7E570BA37FD0C7726C3B6B1F451FBB90715DD729DF
                                        SHA-512:EA501528EC34C28D9A9C31A7829F62D5E1BA85868C6EEF56AC3301E9BD0A3C5A98B9223B909B12CEA7CBAECD6A63AB16B63FD21A19061EB063335E53E8B3CC6A
                                        Malicious:false
                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\Desktop\97030000

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 25 16:45:07 2025, Security: 1
                                        Category:dropped
                                        Size (bytes):1397248
                                        Entropy (8bit):7.988541835939492
                                        Encrypted:false
                                        SSDEEP:24576:pEd4WelSkLew+Zgsi5QO3UqCK12ADjJzUWhnlC0382uHBtHd01Xj23:WXeHlQO3gKYADjJphc2uHBkXjm
                                        MD5:6D83D97CDC0D3117ADC99395676CB3B9
                                        SHA1:FC33BC9D77A5B70A134775242FADC672B36048E1
                                        SHA-256:05B8A069A69A628346776E454791D06B0B56F81B0258A9372A1751E86805B5AF
                                        SHA-512:7A322FDB4C596D6EB17FEB9B6C3AFBF2FC1006BD425161ABF52C1CC777459B5435590F54AE1865AA795BCF8A75613F748EA8E0D60E163A07BD054759C167790C
                                        Malicious:false
                                        Preview:......................>...............................................................................................................................n.......p........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                        C:\Users\user\Desktop\97030000:Zone.Identifier

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:false
                                        Preview:[ZoneTransfer]....ZoneId=0

                                        C:\Users\user\Desktop\PURCHASE ORDER 5172025.xla.xls (copy)

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 25 16:45:07 2025, Security: 1
                                        Category:dropped
                                        Size (bytes):1397248
                                        Entropy (8bit):7.988541835939492
                                        Encrypted:false
                                        SSDEEP:24576:pEd4WelSkLew+Zgsi5QO3UqCK12ADjJzUWhnlC0382uHBtHd01Xj23:WXeHlQO3gKYADjJphc2uHBkXjm
                                        MD5:6D83D97CDC0D3117ADC99395676CB3B9
                                        SHA1:FC33BC9D77A5B70A134775242FADC672B36048E1
                                        SHA-256:05B8A069A69A628346776E454791D06B0B56F81B0258A9372A1751E86805B5AF
                                        SHA-512:7A322FDB4C596D6EB17FEB9B6C3AFBF2FC1006BD425161ABF52C1CC777459B5435590F54AE1865AA795BCF8A75613F748EA8E0D60E163A07BD054759C167790C
                                        Malicious:false
                                        Preview:......................>...............................................................................................................................n.......p........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                        C:\Users\user\Desktop\~$PURCHASE ORDER 5172025.xla.xlsx

                                        Download File
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):165
                                        Entropy (8bit):1.3801032810853697
                                        Encrypted:false
                                        SSDEEP:3:UvNFiKVMNv:UvNsKVkv
                                        MD5:9AA76EF018A0F672FA8DF9799D834C34
                                        SHA1:75B4E1ADC263E4F966CAD3ECA3A2C84638CA525E
                                        SHA-256:ED0F89EA4BAE07B1876B61240D06D56CDDB5CE83EF10E41F68142378CB750B77
                                        SHA-512:6A8AF40C8225E60E652BCCB7D7E7FF03A8A014A7AC782D620AA6120B134213D4A4E279EF0005FCCBA513E85785E7CF6EA42422A6E936F4F690E47D0AAD11AA77
                                        Malicious:true
                                        Preview:.user ..t.o.t.t.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                        Static File Info

                                        General

                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Mar 25 07:09:34 2025, Security: 1
                                        Entropy (8bit):7.986081681596128
                                        TrID:
                                        • Microsoft Excel sheet (30009/1) 47.99%
                                        • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                        • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                        File name:PURCHASE ORDER 5172025.xla.xlsx
                                        File size:1'454'592 bytes
                                        MD5:42ad657229b182e1e3d922663fcd6fb5
                                        SHA1:512fd99e3b8aa2625e9fb3ac2dd4a6e7c2fff996
                                        SHA256:fccb42f6351784b5530b26c97ef1d2011637ca62273324ff22d9e35657741dc7
                                        SHA512:f3d481f9acc3e5c6ca99245addc7f2d97eef3c7984536daf239220b8dd892215b220811613f8f9440f18b2e38f5afc8f2679b567fba2524bd9b1c4e558d72762
                                        SSDEEP:24576:OVxQ0LlWyd9Wq+ku+k0mkHeongDxUmPAeUKRq+RO5u8MP28QydFq6T/lokScRe:OVW080QfkuMrHWxbAZKRq+RZ8A28Qg/B
                                        TLSH:B8652341FC15BB4AD9D92436A6F2F82A0354DDD2BA14C5237356B32F72BBBB06183724
                                        File Content Preview:........................>.......................................................................................................................................}..............................................................................................

                                        File Icon

                                        Icon Hash:35e58a8c0c8a85b9

                                        Static OLE Info

                                        General

                                        Document Type:OLE
                                        Number of OLE Files:1

                                        OLE File "PURCHASE ORDER 5172025.xla.xlsx"

                                        Indicators
                                        Has Summary Info:
                                        Application Name:Microsoft Excel
                                        Encrypted Document:True
                                        Contains Word Document Stream:False
                                        Contains Workbook/Book Stream:True
                                        Contains PowerPoint Document Stream:False
                                        Contains Visio Document Stream:False
                                        Contains ObjectPool Stream:False
                                        Flash Objects Count:0
                                        Contains VBA Macros:True
                                        Summary
                                        Code Page:1252
                                        Author:
                                        Last Saved By:
                                        Create Time:2006-09-16 00:00:00
                                        Last Saved Time:2025-03-25 07:09:34
                                        Creating Application:Microsoft Excel
                                        Security:1
                                        Document Summary
                                        Document Code Page:1252
                                        Thumbnail Scaling Desired:False
                                        Contains Dirty Links:False
                                        Shared Document:False
                                        Changed Hyperlinks:False
                                        Application Version:786432
                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                        VBA File Name:Sheet1.cls
                                        Stream Size:977
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 93 36 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        VBA Code
                                        Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                        VBA File Name:Sheet2.cls
                                        Stream Size:977
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I - . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 49 2d 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        VBA Code
                                        Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                        VBA File Name:Sheet3.cls
                                        Stream Size:977
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 15 02 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        VBA Code
                                        Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                        VBA File Name:ThisWorkbook.cls
                                        Stream Size:985
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . f . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0
                                        Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 e8 fc 66 f5 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        VBA Code
                                        Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                        General
                                        Stream Path:\x1CompObj
                                        CLSID:
                                        File Type:data
                                        Stream Size:114
                                        Entropy:4.25248375192737
                                        Base64 Encoded:True
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                        General
                                        Stream Path:\x5DocumentSummaryInformation
                                        CLSID:
                                        File Type:data
                                        Stream Size:244
                                        Entropy:2.889430592781307
                                        Base64 Encoded:False
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                        General
                                        Stream Path:\x5SummaryInformation
                                        CLSID:
                                        File Type:data
                                        Stream Size:200
                                        Entropy:3.2503503175049815
                                        Base64 Encoded:False
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . T . . . . . . . . .
                                        Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                        General
                                        Stream Path:MBD009B3F20/\x1CompObj
                                        CLSID:
                                        File Type:data
                                        Stream Size:99
                                        Entropy:3.631242196770981
                                        Base64 Encoded:False
                                        Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                        Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                        General
                                        Stream Path:MBD009B3F20/Package
                                        CLSID:
                                        File Type:Microsoft Excel 2007+
                                        Stream Size:1295689
                                        Entropy:7.996701301127075
                                        Base64 Encoded:True
                                        Data ASCII:P K . . . . . . . . . . ! . w 1 . . . . j . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                        Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 77 31 d5 0e e3 01 00 00 6a 08 00 00 13 00 cd 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c9 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                        General
                                        Stream Path:MBD009B3F21/\x1Ole
                                        CLSID:
                                        File Type:data
                                        Stream Size:788
                                        Entropy:5.291239637953238
                                        Base64 Encoded:False
                                        Data ASCII:. . . . . . d . ] . . . . . . . . . . . . . . . . . y . . . K . . . . . h . t . t . p . s . : . / . / . t . . . e . m . o . b . i . l . i . t . y . . . e . n . e . r . g . y . / . x . R . f . B . G . K . ? . & . d . e . s . i . g . n . e . r . = . g . l . o . s . s . y . . . . u . f . { i P . F L c # # . I + . . " . K ~ Q $ X . 3 . " ` T , . l j D < / | . 9 . . / B { m h . w n I . | y ; _ l o s 0 # . 5 K 8 @ G { u z . ? ; o F . D W / . u . . . . . . . . . . . . . . . . . . . . . T . H . 9 . 2 . J . Z . O .
                                        Data Raw:01 00 00 02 1b 9b 05 64 00 5d 8e 13 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 04 01 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 74 00 2e 00 65 00 6d 00 6f 00 62 00 69 00 6c 00 69 00 74 00 79 00 2e 00 65 00 6e 00 65 00 72 00 67 00 79 00 2f 00 78 00 52 00 66 00 42 00 47 00 4b 00 3f 00 26 00 64 00 65 00 73 00 69 00 67 00
                                        General
                                        Stream Path:Workbook
                                        CLSID:
                                        File Type:Applesoft BASIC program data, first line number 16
                                        Stream Size:133075
                                        Entropy:7.994877466987564
                                        Base64 Encoded:True
                                        Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . u S q . + B # h | b d . . e . ] . U < ; . j ^ j U P ! ' D . . . . . . . . . . { d . . . \\ . p . j . Q t ] $ [ . , . . / ] 3 . I 3 . . 2 . . , o . . + . t ! . ) } E . . . Z . * | # o I P . . V y . y & w 2 . t . B . . . a . . . H . . . = . . . M . . . . . | N . @ B | Z . . . N . . . . k . . . . k . . . . . . . . ^ + . . . = . . . ; . . . i & . 8 e 7 Y @ . . . . . . . 2 " . . . b ` . . . . . . . . . . . . H 1 . . . L . P . ) L a ? H . * i L N . 1 . . . H 2
                                        Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 fc eb df 75 53 e7 71 1d 2b fb 42 23 68 7c 62 64 c1 ce 83 dd b2 65 1d ba 5d 17 c8 55 3c b4 3b 8b db 88 ec 6a b5 5e 6a 55 c4 50 f3 21 27 ac 44 9a 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 7b 64 e2 00 00 00 5c 00 70 00 9e 6a 7f 51 74 5d 24 5b e0 ed 02 bb 8e a2 84 2c 93 bf d6 83 ed ce 0c 2f 5d 33
                                        General
                                        Stream Path:_VBA_PROJECT_CUR/PROJECT
                                        CLSID:
                                        File Type:ASCII text, with CRLF line terminators
                                        Stream Size:527
                                        Entropy:5.205840445289228
                                        Base64 Encoded:True
                                        Data ASCII:I D = " { 4 7 6 4 C 5 0 8 - 1 3 C 1 - 4 3 F B - B 9 8 5 - 6 4 9 3 3 0 3 1 E 4 2 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 7 9 7 B F 7 0 D F B 0 D F B 0 D F
                                        Data Raw:49 44 3d 22 7b 34 37 36 34 43 35 30 38 2d 31 33 43 31 2d 34 33 46 42 2d 42 39 38 35 2d 36 34 39 33 33 30 33 31 45 34 32 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                        General
                                        Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                        CLSID:
                                        File Type:data
                                        Stream Size:104
                                        Entropy:3.0488640812019017
                                        Base64 Encoded:False
                                        Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                        Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                        CLSID:
                                        File Type:data
                                        Stream Size:2644
                                        Entropy:3.9822715768237
                                        Base64 Encoded:False
                                        Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                        Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                        General
                                        Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                        CLSID:
                                        File Type:data
                                        Stream Size:553
                                        Entropy:6.3606301584537785
                                        Base64 Encoded:True
                                        Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E .
                                        Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 f5 e3 f9 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                        Network Behavior

                                        Download Network PCAP: filteredfull

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2025-03-25T17:44:57.152184+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114971813.107.246.40443TCP
                                        2025-03-25T17:45:12.504492+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114972113.107.246.40443TCP
                                        2025-03-25T17:45:12.608599+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.114972013.107.246.40443TCP

                                        Network Port Distribution

                                        • Total Packets: 229
                                        • 443 (HTTPS)
                                        • 53 (DNS)
                                        TimestampSource PortDest PortSource IPDest IP
                                        Mar 25, 2025 17:44:43.588805914 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.588849068 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:43.588974953 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.589210033 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.589231014 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:43.970432043 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:43.970571995 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.990551949 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.990580082 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:43.991008997 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:43.991070986 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:43.991509914 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.032288074 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.356925964 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.357012033 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.357098103 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.357166052 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.363785982 CET49715443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.363812923 CET44349715162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.364964962 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.365000963 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.365261078 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.365261078 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.365289927 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.744755983 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.745151043 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.745224953 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.745230913 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:44.745543003 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:44.745548964 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.130850077 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.130873919 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.130913973 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:45.130934954 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.130949974 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.130970001 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:45.131031036 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:45.131894112 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:45.131894112 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:45.131912947 CET44349716162.19.137.157192.168.2.11
                                        Mar 25, 2025 17:44:45.131968975 CET49716443192.168.2.11162.19.137.157
                                        Mar 25, 2025 17:44:56.839154005 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:56.839206934 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:56.839289904 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:56.839679003 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:56.839690924 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.152097940 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.152184010 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.153856993 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.153870106 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.154129028 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.155359983 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.196269035 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.440244913 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.440287113 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.440303087 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.440341949 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.440378904 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.440404892 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.440433979 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.473402023 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.473428011 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.473488092 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.473515987 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.473543882 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.473562956 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.545001984 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.545027018 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.545098066 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.545125008 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.545154095 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.545172930 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.670500040 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670533895 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670599937 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670604944 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.670625925 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670654058 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.670672894 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670687914 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670692921 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.670708895 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.670722008 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.670866013 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.674827099 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.674851894 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.674889088 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.674918890 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.674937010 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.716490030 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.780328035 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.780350924 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.780421972 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.780441999 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.780488968 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.821203947 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.821225882 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.821291924 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.821314096 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.821480036 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.975523949 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.975549936 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.975671053 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:57.975704908 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:57.975881100 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.011375904 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.011401892 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.011446953 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.011461020 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.011485100 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.011512041 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.011531115 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.011540890 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.036595106 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.036621094 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.036660910 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.036700010 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.036715984 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.091566086 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.105041981 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.105066061 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.105087996 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.105125904 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.105127096 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.105161905 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.105178118 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.105201006 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.274867058 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.274893999 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.274962902 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.274996042 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.275135040 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.286031961 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.286048889 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.286103964 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.286135912 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.286153078 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.286174059 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.404700041 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.404725075 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.404781103 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.404812098 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.404833078 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.404860020 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.474953890 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.474978924 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.475081921 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.475117922 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.477271080 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.586373091 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.586397886 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.586483955 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.586524010 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.586569071 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.721972942 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.722043037 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.722091913 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.722127914 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.722146034 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.722166061 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.848562956 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.848589897 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.848644018 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.848679066 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:58.848731041 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:58.848792076 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.033816099 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.033844948 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.033890963 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.033924103 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.033941031 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.034080982 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.130063057 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.130095005 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.130157948 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.130178928 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.130212069 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.130310059 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.312733889 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.312762022 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.312808037 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.312836885 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.312860966 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.312877893 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.442099094 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.442131042 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.442183018 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.442212105 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.442230940 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.442274094 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.674395084 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.674418926 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.674465895 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.674504995 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.674523115 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.674546957 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.765782118 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.765808105 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.765866041 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.765906096 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.765925884 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.765949965 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.960422039 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.960447073 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.960558891 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.960558891 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:44:59.960589886 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:44:59.960633039 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.156975031 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.157002926 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.157114029 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.157145023 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.157480001 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.349133968 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.349164963 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.349231005 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.349270105 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.349333048 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.554881096 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.554908037 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.554958105 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.555000067 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.555016994 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.555140972 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.783746004 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.783771038 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.783833027 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:00.783864021 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:00.784023046 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.226560116 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.226572990 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.226625919 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.226741076 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.226741076 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.226774931 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.226840019 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.556622028 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.556636095 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.556689024 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.556730986 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.556772947 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.556802034 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.557636023 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.846059084 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.846072912 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.846128941 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.846174002 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.846213102 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:01.846225977 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:01.846260071 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.041729927 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.041760921 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.041832924 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.041856050 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.041897058 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.246292114 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.246320009 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.246361971 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.246390104 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.246403933 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.246536970 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.384867907 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.384896040 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.384963036 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.384989977 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.385010004 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.385041952 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.695122004 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.695135117 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.695185900 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.695207119 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.695241928 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.695261002 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.695285082 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.750690937 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.750715017 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.750854969 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.750854969 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.750889063 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.750956059 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.929380894 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.929410934 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.929467916 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.929498911 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:02.929517031 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:02.929543972 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.170943975 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.170958996 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.170991898 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.171030998 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.171067953 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.171089888 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.171118975 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.386884928 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.386894941 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.386943102 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.386965990 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.387000084 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.387015104 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.387136936 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.591303110 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.591330051 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.591496944 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.591496944 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.591531038 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.592855930 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.733117104 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.733141899 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.733187914 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.733222008 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.733236074 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.733261108 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.901380062 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.901401997 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.901473045 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.901515007 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:03.901535034 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:03.901576996 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.083777905 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.083800077 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.083851099 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.083882093 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.083899021 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.083933115 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.219290972 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.219316959 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.219398022 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.219432116 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.219584942 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.339663982 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.339684010 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.339750051 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.339778900 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.339792967 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.339822054 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.492422104 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.492444992 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.492614031 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.492614031 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.492652893 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.492722034 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.633938074 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.633956909 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.634004116 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.634036064 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.634051085 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.634076118 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.788465977 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.788486958 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.788574934 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:04.788604975 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:04.788705111 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.001775980 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.001785994 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.001820087 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.001849890 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.001874924 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.001904011 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.001924992 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.153198957 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.153219938 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.153278112 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.153306007 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.153321028 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.153347015 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.300296068 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.300314903 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.300375938 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.300406933 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.300606012 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.498869896 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.498891115 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.498970032 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.498999119 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.499041080 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.653574944 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.653644085 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.653662920 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.653692961 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.653718948 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.653858900 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.807415962 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.807490110 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.807621956 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.807622910 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:05.807653904 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:05.807723999 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.067773104 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.067801952 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.067846060 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.067864895 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.067924976 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.067939997 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.067981958 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.136481047 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.136533022 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.136567116 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.136584044 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.136611938 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.136630058 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.341042995 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.341109991 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.341131926 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.341177940 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.341188908 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.341238022 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.482038021 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.482098103 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.482145071 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.482172012 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.482186079 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.482222080 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.642230988 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.642292023 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.642389059 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.642425060 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.642469883 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.770256996 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.770286083 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.770358086 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.770389080 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.770473957 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.910435915 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.910501003 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.910536051 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.910567999 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:06.910588026 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:06.910617113 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.037730932 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.037763119 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.037815094 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.037848949 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.037875891 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.037992001 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.170455933 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.170478106 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.170552015 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.170582056 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.170624971 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300448895 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.300467968 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.300507069 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.300544024 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300576925 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.300623894 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300623894 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300863028 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300890923 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:07.300898075 CET49718443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:07.300903082 CET4434971813.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.196275949 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.196312904 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.197227001 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.198196888 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.198230982 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.198374987 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.198563099 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.198576927 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.198812008 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.198823929 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.497530937 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.504492044 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.504509926 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.511677980 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.511684895 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.606796026 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.608598948 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.608613014 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.609695911 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.609704971 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.707370043 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.707840919 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.707904100 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.707951069 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.707974911 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.708056927 CET49721443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.708066940 CET4434972113.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807246923 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807272911 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807380915 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.807399035 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807600021 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807607889 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.807643890 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807657957 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.807657957 CET49720443192.168.2.1113.107.246.40
                                        Mar 25, 2025 17:45:12.807667017 CET4434972013.107.246.40192.168.2.11
                                        Mar 25, 2025 17:45:12.807672977 CET4434972013.107.246.40192.168.2.11
                                        TimestampSource PortDest PortSource IPDest IP
                                        Mar 25, 2025 17:44:43.416533947 CET6481753192.168.2.111.1.1.1
                                        Mar 25, 2025 17:44:43.587943077 CET53648171.1.1.1192.168.2.11
                                        Mar 25, 2025 17:44:56.662463903 CET5156353192.168.2.111.1.1.1
                                        Mar 25, 2025 17:44:56.838219881 CET53515631.1.1.1192.168.2.11

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Mar 25, 2025 17:44:43.416533947 CET192.168.2.111.1.1.10x840dStandard query (0)t.emobility.energyA (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.662463903 CET192.168.2.111.1.1.10xcf39Standard query (0)otelrules.svc.static.microsoftA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Mar 25, 2025 17:43:54.039786100 CET1.1.1.1192.168.2.110xe775No error (0)ecs-office.s-0005.dual-s-msedge.nets-0005.dual-s-msedge.netCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:43:54.039786100 CET1.1.1.1192.168.2.110xe775No error (0)s-0005.dual-s-msedge.net52.123.129.14A (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:43:54.039786100 CET1.1.1.1192.168.2.110xe775No error (0)s-0005.dual-s-msedge.net52.123.128.14A (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:43:54.760849953 CET1.1.1.1192.168.2.110x8c92No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:43:54.760849953 CET1.1.1.1192.168.2.110x8c92No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:44:43.587943077 CET1.1.1.1192.168.2.110x840dNo error (0)t.emobility.energyhost1.emobility.energyCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:44:43.587943077 CET1.1.1.1192.168.2.110x840dNo error (0)host1.emobility.energy162.19.137.157A (IP address)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.838219881 CET1.1.1.1192.168.2.110xcf39No error (0)otelrules.svc.static.microsoftotelrules-bzhndjfje8dvh5fd.z01.azurefd.netCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.838219881 CET1.1.1.1192.168.2.110xcf39No error (0)otelrules-bzhndjfje8dvh5fd.z01.azurefd.netstar-azurefd-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.838219881 CET1.1.1.1192.168.2.110xcf39No error (0)star-azurefd-prod.trafficmanager.netshed.dual-low.s-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.838219881 CET1.1.1.1192.168.2.110xcf39No error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                        Mar 25, 2025 17:44:56.838219881 CET1.1.1.1192.168.2.110xcf39No error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • t.emobility.energy
                                        • otelrules.svc.static.microsoft

                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.1149715162.19.137.1574437272C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        TimestampBytes transferredDirectionData
                                        2025-03-25 16:44:43 UTC219OUTGET /xRfBGK?&designer=glossy HTTP/1.1
                                        Accept: */*
                                        Accept-Encoding: gzip, deflate
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                        Host: t.emobility.energy
                                        Connection: Keep-Alive
                                        2025-03-25 16:44:44 UTC539INHTTP/1.1 301 Moved Permanently
                                        Date: Tue, 25 Mar 2025 16:44:44 GMT
                                        Server: Apache/2.4.62 (Debian)
                                        X-DNS-Prefetch-Control: off
                                        X-Frame-Options: SAMEORIGIN
                                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                                        X-Download-Options: noopen
                                        X-Content-Type-Options: nosniff
                                        X-XSS-Protection: 1; mode=block
                                        Location: /404
                                        Vary: Accept
                                        Content-Type: text/plain; charset=utf-8
                                        Content-Length: 38
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
                                        Connection: close
                                        2025-03-25 16:44:44 UTC38INData Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 34 30 34
                                        Data Ascii: Moved Permanently. Redirecting to /404


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.1149716162.19.137.1574437272C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        TimestampBytes transferredDirectionData
                                        2025-03-25 16:44:44 UTC199OUTGET /404 HTTP/1.1
                                        Accept: */*
                                        Accept-Encoding: gzip, deflate
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                        Host: t.emobility.energy
                                        Connection: Keep-Alive
                                        2025-03-25 16:44:45 UTC590INHTTP/1.1 404 Not Found
                                        Date: Tue, 25 Mar 2025 16:44:45 GMT
                                        Server: Apache/2.4.62 (Debian)
                                        X-DNS-Prefetch-Control: off
                                        X-Frame-Options: SAMEORIGIN
                                        Strict-Transport-Security: max-age=15552000; includeSubDomains
                                        X-Download-Options: noopen
                                        X-Content-Type-Options: nosniff
                                        X-XSS-Protection: 1; mode=block
                                        X-Powered-By: Next.js
                                        ETag: "1225-4lR+8o8+z0M1Iq6OMuNgxAtPjT8"
                                        Content-Type: text/html; charset=utf-8
                                        Content-Length: 4645
                                        Vary: Accept-Encoding
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
                                        Connection: close
                                        2025-03-25 16:44:45 UTC4645INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 75 6e 64 65 66 69 6e 65 64 20 69 73 20 61 20 66 72 65 65 20 61 6e 64 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 55 52 4c 20 73 68 6f 72 74 65 6e 65 72 20 77 69 74 68 20 63 75 73 74 6f 6d 20 64 6f 6d 61 69 6e 73 20 61 6e
                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/><meta name="description" content="undefined is a free and open source URL shortener with custom domains an


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.114971813.107.246.404437272C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        TimestampBytes transferredDirectionData
                                        2025-03-25 16:44:57 UTC226OUTGET /rules/excel.exe-Production-v19.bundle HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept-Encoding: gzip
                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                        Host: otelrules.svc.static.microsoft
                                        2025-03-25 16:44:57 UTC493INHTTP/1.1 200 OK
                                        Date: Tue, 25 Mar 2025 16:44:57 GMT
                                        Content-Type: text/plain
                                        Content-Length: 1114783
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: public
                                        Last-Modified: Mon, 24 Mar 2025 13:40:54 GMT
                                        ETag: "0x8DD6AD97FEF19EF"
                                        x-ms-request-id: 343452ac-a01e-0053-7b2a-9d8603000000
                                        x-ms-version: 2018-03-28
                                        x-azure-ref: 20250325T164457Z-17cccd5449blprb2hC1EWRvwmn0000000e4000000000fwzz
                                        x-fd-int-roxy-purgeid: 0
                                        X-Cache-Info: L1_T2
                                        X-Cache: TCP_HIT
                                        Accept-Ranges: bytes
                                        2025-03-25 16:44:57 UTC15891INData Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35
                                        Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
                                        2025-03-25 16:44:57 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 56 20 56 3d 22 43 6c 69 63 6b 22 20 54 3d 22 57 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32
                                        Data Ascii: /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"> <V V="Click" T="W" /> </C> <C T="U32
                                        2025-03-25 16:44:57 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 68 6c 76 79 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 49 33 32
                                        Data Ascii: </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" /> <UTS T="2" Id="bhlvy" /> </S> <C T="I32
                                        2025-03-25 16:44:57 UTC16384INData Raw: 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                        Data Ascii: <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L> <R> <O T="LE"> <
                                        2025-03-25 16:44:57 UTC16384INData Raw: 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 4f 76 65 72 66 6c 6f 77 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54
                                        Data Ascii: I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O="false" N="FlyoutOverflow"> <C> <S T
                                        2025-03-25 16:44:57 UTC16384INData Raw: 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 45 74 77 20 54 3d 22 31 22 20 45 3d 22 33 39 35 22 20 47 3d 22 7b 32 61 64 66 38 65 32 33 2d 30 61 66 39 2d
                                        Data Ascii: coding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns=""> <S> <Etw T="1" E="395" G="{2adf8e23-0af9-
                                        2025-03-25 16:44:57 UTC16384INData Raw: 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55
                                        Data Ascii: "TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" /> </R> </O> </F> </S> <C T="U
                                        2025-03-25 16:44:57 UTC16384INData Raw: 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 63 69 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20
                                        Data Ascii: <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="tcid" /> </L> <R> <V
                                        2025-03-25 16:44:57 UTC16384INData Raw: 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 4f 66 54 68 72 6f 77 6e 45 78 63 65 70 74 69 6f 6e 22 3e 0d
                                        Data Ascii: <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="CountOfThrownException">
                                        2025-03-25 16:44:57 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20
                                        Data Ascii: <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R> <O T="EQ"> <L>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        3192.168.2.114972113.107.246.404437272C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        TimestampBytes transferredDirectionData
                                        2025-03-25 16:45:12 UTC214OUTGET /rules/rule120607v1s19.xml HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept-Encoding: gzip
                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                        Host: otelrules.svc.static.microsoft
                                        2025-03-25 16:45:12 UTC470INHTTP/1.1 200 OK
                                        Date: Tue, 25 Mar 2025 16:45:12 GMT
                                        Content-Type: text/xml
                                        Content-Length: 204
                                        Connection: close
                                        Cache-Control: public, max-age=604800, immutable
                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                        ETag: "0x8DC582BB6C8527A"
                                        x-ms-request-id: fe09a350-901e-0048-3adf-9cb800000000
                                        x-ms-version: 2018-03-28
                                        x-azure-ref: 20250325T164512Z-17cccd5449bww9zshC1EWR9uns0000000e6000000000adn3
                                        x-fd-int-roxy-purgeid: 0
                                        X-Cache: TCP_HIT
                                        Accept-Ranges: bytes
                                        2025-03-25 16:45:12 UTC204INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        4192.168.2.114972013.107.246.404437272C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        TimestampBytes transferredDirectionData
                                        2025-03-25 16:45:12 UTC214OUTGET /rules/rule120603v8s19.xml HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept-Encoding: gzip
                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)
                                        Host: otelrules.svc.static.microsoft
                                        2025-03-25 16:45:12 UTC494INHTTP/1.1 200 OK
                                        Date: Tue, 25 Mar 2025 16:45:12 GMT
                                        Content-Type: text/xml
                                        Content-Length: 2128
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: public, max-age=604800, immutable
                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                        ETag: "0x8DC582BA41F3C62"
                                        x-ms-request-id: 0fe88ecf-101e-007a-32da-9b047e000000
                                        x-ms-version: 2018-03-28
                                        x-azure-ref: 20250325T164512Z-17cccd5449bvftlphC1EWRsrrs0000000e700000000088te
                                        x-fd-int-roxy-purgeid: 0
                                        X-Cache: TCP_HIT
                                        Accept-Ranges: bytes
                                        2025-03-25 16:45:12 UTC2128INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d
                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=


                                        Statistics

                                        CPU Usage

                                        050100s020406080100

                                        Click to jump to process

                                        Memory Usage

                                        050100s0.0050100150200MB

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        • File
                                        • Registry

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:12:43:47
                                        Start date:25/03/2025
                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                        Imagebase:0xdb0000
                                        File size:53'161'064 bytes
                                        MD5 hash:4A871771235598812032C822E6F68F19
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false
                                        Show Windows behavior

                                        File Activities

                                        Show Windows behavior

                                        Section Activities

                                        Show Windows behavior

                                        Registry Activities

                                        Show Windows behavior

                                        COM Activities

                                        Show Windows behavior

                                        Mutex Activities

                                        Show Windows behavior

                                        Process Activities

                                        Show Windows behavior

                                        Thread Activities

                                        Show Windows behavior

                                        Memory Activities

                                        Show Windows behavior

                                        System Activities

                                        Show Windows behavior

                                        Timing Activities

                                        Show Windows behavior

                                        Windows UI Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                        General

                                        Target ID:9
                                        Start time:12:44:51
                                        Start date:25/03/2025
                                        Path:C:\Windows\splwow64.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\splwow64.exe 12288
                                        Imagebase:0x7ff64c130000
                                        File size:163'840 bytes
                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        Show Windows behavior

                                        Section Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        Show Windows behavior

                                        Process Activities

                                        Show Windows behavior

                                        Thread Activities

                                        Show Windows behavior

                                        Memory Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                        General

                                        Target ID:14
                                        Start time:12:45:08
                                        Start date:25/03/2025
                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PURCHASE ORDER 5172025.xla.xlsx"
                                        Imagebase:0xdb0000
                                        File size:53'161'064 bytes
                                        MD5 hash:4A871771235598812032C822E6F68F19
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true
                                        Show Windows behavior

                                        File Activities

                                        Show Windows behavior

                                        Section Activities

                                        Show Windows behavior

                                        Registry Activities

                                        Show Windows behavior

                                        COM Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        Show Windows behavior

                                        Process Activities

                                        Show Windows behavior

                                        Thread Activities

                                        Show Windows behavior

                                        Memory Activities

                                        Show Windows behavior

                                        System Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        Show Windows behavior

                                        Windows UI Activities

                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                        Disassembly

                                        Code Analysis

                                        Call Graph

                                        Hide Legend
                                        • Entrypoint
                                        • Decryption Function
                                        • Executed
                                        • Not Executed
                                        • Show Help
                                        callgraph 1 Error: Graph is empty

                                        Module: Sheet1

                                        Declaration
                                        LineContent
                                        1

                                        Attribute VB_Name = "Sheet1"

                                        2

                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                        3

                                        Attribute VB_GlobalNameSpace = False

                                        4

                                        Attribute VB_Creatable = False

                                        5

                                        Attribute VB_PredeclaredId = True

                                        6

                                        Attribute VB_Exposed = True

                                        7

                                        Attribute VB_TemplateDerived = False

                                        8

                                        Attribute VB_Customizable = True

                                        Module: Sheet2

                                        Declaration
                                        LineContent
                                        1

                                        Attribute VB_Name = "Sheet2"

                                        2

                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                        3

                                        Attribute VB_GlobalNameSpace = False

                                        4

                                        Attribute VB_Creatable = False

                                        5

                                        Attribute VB_PredeclaredId = True

                                        6

                                        Attribute VB_Exposed = True

                                        7

                                        Attribute VB_TemplateDerived = False

                                        8

                                        Attribute VB_Customizable = True

                                        Module: Sheet3

                                        Declaration
                                        LineContent
                                        1

                                        Attribute VB_Name = "Sheet3"

                                        2

                                        Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                        3

                                        Attribute VB_GlobalNameSpace = False

                                        4

                                        Attribute VB_Creatable = False

                                        5

                                        Attribute VB_PredeclaredId = True

                                        6

                                        Attribute VB_Exposed = True

                                        7

                                        Attribute VB_TemplateDerived = False

                                        8

                                        Attribute VB_Customizable = True

                                        Module: ThisWorkbook

                                        Declaration
                                        LineContent
                                        1

                                        Attribute VB_Name = "ThisWorkbook"

                                        2

                                        Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                        3

                                        Attribute VB_GlobalNameSpace = False

                                        4

                                        Attribute VB_Creatable = False

                                        5

                                        Attribute VB_PredeclaredId = True

                                        6

                                        Attribute VB_Exposed = True

                                        7

                                        Attribute VB_TemplateDerived = False

                                        8

                                        Attribute VB_Customizable = True